Active Directory Integration


You can sync your company's hierarchy and verify user authentication. Check out the workflow to ensure the integration runs smoothly:

You can set up Active Directory (LDAP) to sync your company's hierarchy and verify user authentication. Enter your Active Directory info to set up the profile: the profile name, base domain and server info.

Provide the server's public information in the fields below to enable data synchronization and authentication on the Mosyle Web Panel and the Mosyle App. If you just want to use Mosyle Auth (macOS Login Window) with Mosyle Auth On-Premises, you can ignore this step. Enter the public IP or the FQDN (domain) of the AD server, the port, and the AD version (only version 3 supports more than 1000 entries). To enable the AD with SSL, use LDAPs://ip address or LDAPs://fqd

To allow data synchronization and authentication on the Mosyle Web Panel and the Mosyle App, the AD server must be public and reachable by Mosyle servers. Allow inbound connections from the following IPs in your firewall: 146.20.178.15

To enable Active Directory integration with SSL, you can use LDAP with TLS or LDAPs. If using LDAP with TLS, check the box next to “Use TLS for connection”.

Tip from our Support Team: if you are using LDAPs with SSL, you'll want to use port 636 instead of port 389 and be sure to upload the SSL certificate required for connection. You can find additional information in the Microsoft Support portal. If you are using just LDAP, you can use port 389.

Then, choose the Directory Type from the dropdown menu. You are able to choose Active Directory or Apple Open Directory.

Finally, upload the Certificate for secure connection if needed and click "Save" to complete the process.
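As an added example (not Mosyle's code), a pre-flight check of the profile values described above against the rules this page states: LDAPs on port 636 with a certificate, the TLS checkbox for plain ldap://, a publicly reachable server, and protocol version 3. The function name, its parameters and the severity labels are assumptions made for illustration, and the sample hosts are constructed.

```python
import ipaddress
from urllib.parse import urlparse


def check_profile(server, port, use_tls=False, cert_uploaded=False, version=3):
    """Return (severity, message) findings for one directory profile (hypothetical helper)."""
    findings = []
    # A bare IP or FQDN means plain LDAP; the "LDAPs://" prefix selects SSL.
    url = urlparse(server if "://" in server else "ldap://" + server)
    scheme, host = url.scheme.lower(), url.hostname or ""
    if scheme not in ("ldap", "ldaps"):
        return [("error", f"unsupported scheme {scheme!r}")]

    if scheme == "ldaps":
        if port != 636:
            findings.append(("error", f"LDAPs expects port 636, got {port}"))
        if use_tls:
            findings.append(("warn", "LDAPs is already encrypted; 'Use TLS' applies to ldap://"))
        if not cert_uploaded:
            findings.append(("warn", "no certificate uploaded for the LDAPs connection"))
    elif not use_tls:
        # The server must be public, so an unencrypted bind crosses the internet.
        findings.append(("high", "plain LDAP without TLS: the connection is not encrypted"))

    try:
        ip = ipaddress.ip_address(host)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            findings.append(("error", f"{host} is not a public address; Mosyle servers cannot reach it"))
    except ValueError:
        pass  # host is an FQDN; public DNS resolution is not checked here

    if version != 3:
        findings.append(("warn", "only version 3 supports more than 1000 entries"))
    return findings


def severities(findings):
    """Collapse findings to their severity labels, in order."""
    return [sev for sev, _ in findings]


if __name__ == "__main__":
    # Constructed sample: LDAPs prefix with the LDAP port and a private address.
    for sev, msg in check_profile("LDAPs://10.0.0.5", 389, use_tls=True):
        print(f"[{sev}] {msg}")
```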

Configure Authentication

Configure Synchronization

By selecting this option, users that used to be synced through AD but aren’t being synced any longer will be automatically deleted.

Automatically delete groups

By selecting this option, groups created through AD will be automatically deleted when no longer synced.

Automatically delete empty groups

By selecting this option, groups created through AD will be automatically deleted once empty after the sync.

Sync automatically

The synchronization process will run every day at the selected time.

Integration with Active Directory Federation Services (ADFS)

You can set up Active Directory Federation Services to verify user authentication. It's critical to prepare your ADFS settings before integrating it into Mosyle Business. Check out the step-by-step instructions below on how to do it:

First, import Mosyle Metadata into your ADFS. Download the Mosyle Service Provider Metadata by clicking on this link.

Then, set the following URL as the relying party trust URL: https://mybusiness.mosyle.com/

Next, set the following URLs as the trusted URLs for the Assertion Consumer Endpoints:

https://mybusiness.mosyle.com/sso/index.php?acs

https://mybusiness.mosyle.com/ssoapp/adfs.php

You will now need to configure an Issuance Transform Rule. This means that you will send LDAP Attributes as Claims and set the Attribute store to Active Directory.

Next, map the following LDAP Attributes:

When you complete this, click Finish.

Now, click Add Rules to add a rule to Transform an Incoming Claim.

When you complete this, click Finish.

Back in the Mosyle Business platform, add your AD Information (Metadata URL, Login URL and Logout URL) in the required fields.

To complete the process, generate a valid .PEM certificate and click "Save".