IBM MaaS360

End User Authentication Support for MaaS360 Windows Bulk Provisioning

By Abhin Lingamaneni posted Thu July 27, 2023 03:10 AM

  

The MaaS360 Bulk Provisioning Tool can be used to seamlessly provision multiple Windows endpoints with a single configuration. The tool can be used to create a base image or to generate an executable (exe) that enrolls devices in MaaS360. To learn more about configuring the Bulk Provisioning Tool, please visit https://community.ibm.com/community/user/security/blogs/neha-prasad1/2021/07/11/windows-10-bulk-provisioning-tool-from-maas360.

Why end user authentication is required:

End User Authentication acts as a secondary check so that only users of the respective organization can enroll Windows 10+ endpoints to the account managed by that organization.

How it works:

If the End User Authentication checkbox is enabled during configuration (if this checkbox appears to be disabled, please contact support), then after running the executable or deploying the configured image on the endpoint, the End User Authentication screen is automatically displayed as a step prior to enrollment. It requires the user of the device to authenticate before the MDM profile gets added in the background. The authentication type can be configured by the administrator from the MaaS360 portal.

Based on the authentication type integrated on the MaaS360 portal, the Authentication Type field is set to the imported user's source. In the screenshot below, which shows the MaaS360 portal user details page, the user is imported from Windows Server > Active Directory configured with MaaS360 Cloud Extender, so the default Authentication Type is set to Corporate(On-premise) for that user.

The following authentication methods are supported:

  1. SAML based Authentication
  2. Active Directory / Azure Active Directory
  3. MaaS360 Local User Authentication

After authentication succeeds, the MDM profile is added silently in the background.

The configuration steps and the steps to be performed on the target device (the device to be enrolled) are shown below:

Configuration Steps - Enable End User Authentication during Bulk Provisioning Tool configuration

Target Windows End-point Step 1:
Prompt on the target device to be enrolled after running the executable OR after deploying the configured Windows image

Target Windows End-point Step 2:
Username and Domain to be entered by end user

Target Windows End-point Steps:
Authentication type based on configuration set on the User details page in portal

Okta – SAML Auth Screen

Azure – SAML Auth Screen

MaaS360 Local User Auth Screen
