This article walks you through setting up a Device Magic organization for use with Microsoft Azure Active Directory. To get started, visit https://portal.azure.com and log in. Then follow the steps outlined below.

Set up user groups in Azure AD

You need to add two user groups (Security groups) to your Active Directory.

The first group is for users that may access the Device Magic web application and the second is for the devices that will be joined to your organization through the mobile app.

Please note: when a device signs in using SSO, it is automatically joined to your organization without an administrator first approving it. Any SSO devices will be billed at your current subscription rate.

Assign each user who requires SSO access to the group or groups they need.

Also, note the Object ID of the two newly created groups as you will need them to complete the setup in Device Magic later.

Microsoft Azure Active Directory only

Set up application in Azure AD

Please visit https://portal.azure.com and log in.

When logged in, select "Azure Active Directory".

Select "Enterprise applications".

Choose "+ New Application".

Select "Non-gallery application" and type a name for the application, ideally something like “Device Magic Forms”. Then, click "Add" at the bottom right.

Click "Azure Active Directory" in the left pane, then "App Registrations" and change the selection drop-down from "My apps" to "All apps".

Click the application you created, then "Manifest". In the application manifest, add at least one role.

The "value" should correspond to the name of an existing user role in your Device Magic organization. Using the example in the screenshot below, there should be a role in the Device Magic organization titled "Forms-Read-Only".

In your application manifest, set the value of groupMembershipClaims to SecurityGroup.

Make sure you add the following two replyUrls:

https://www.devicemagic.com/users/saml/auth
https://mobileforms.devicemagic.com/users/saml/device_auth

Click "Save" and go back to Azure Active Directory. 
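The manifest edits above can be checked offline against a copy of the manifest JSON. The following is an added example, not code from Device Magic or Microsoft; the function name, the sample manifest and its placeholder GUID are constructed, and device_magic_roles is assumed to be the set of role names that exist in your Device Magic organization.

```python
# Added example: check an Azure AD app manifest against this article's settings.

REQUIRED_REPLY_URLS = {
    "https://www.devicemagic.com/users/saml/auth",
    "https://mobileforms.devicemagic.com/users/saml/device_auth",
}

def check_manifest(manifest, device_magic_roles):
    """Return a list of problems; an empty list means the manifest matches."""
    problems = []

    # Controls whether security-group Object IDs are issued as a groups claim.
    claims = manifest.get("groupMembershipClaims")
    if claims != "SecurityGroup":
        problems.append(f"groupMembershipClaims is {claims!r}, expected 'SecurityGroup'")

    reply_urls = set(manifest.get("replyUrls") or [])
    for url in sorted(REQUIRED_REPLY_URLS - reply_urls):
        problems.append(f"missing replyUrl: {url}")
    # Any extra reply URL is another endpoint that may receive SAML responses.
    for url in sorted(reply_urls - REQUIRED_REPLY_URLS):
        problems.append(f"unexpected replyUrl (review): {url}")

    enabled = [r for r in manifest.get("appRoles") or [] if r.get("isEnabled")]
    if not enabled:
        problems.append("no enabled appRoles entry")
    for role in enabled:
        if role.get("value") not in device_magic_roles:
            problems.append(f"appRole value {role.get('value')!r} has no matching Device Magic role")
    return problems

# Constructed sample manifest fragment (placeholder GUID, not a real app).
SAMPLE_MANIFEST = {
    "appRoles": [{
        "allowedMemberTypes": ["User"],
        "description": "Read-only access to forms",
        "displayName": "Forms-Read-Only",
        "id": "00000000-0000-0000-0000-000000000001",
        "isEnabled": True,
        "value": "Forms-Read-Only",
    }],
    "groupMembershipClaims": "SecurityGroup",
    "replyUrls": sorted(REQUIRED_REPLY_URLS),
}

if __name__ == "__main__":
    for line in check_manifest(SAMPLE_MANIFEST, {"Forms-Read-Only"}) or ["manifest OK"]:
        print(line)
```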

Next, select "Enterprise Applications", then "All Applications", then the application you created, then "Users and groups".

You need to assign a user to the Device Magic application so they can log in. Also, assign one of the roles that you created in the previous step to the user.

Click the "Assign" button.

Now you need to configure the Single Sign On settings. Below "Users and groups", click "Single sign-on".

Text values from the above screenshot:

  1. https://www.devicemagic.com/users/saml/metadata
  2. https://www.devicemagic.com/users/saml/auth
  3. https://www.devicemagic.com/users/saml/login
  4. https://www.devicemagic.com

Under User Identifier, click “View and edit all other user attributes”.

In the section that opens, click on “Add attribute”.

In the section that opens, enter the following values (do not paste the values) and click “OK”.

Name: roles

Value: user.assignedroles

Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims

Make sure the new attribute shows up and click “Save”.

Make a note of your generated thumbprint.

Also, make a note of the three URLs here.

At this point, remember to save the settings.

Setting up SSO in your Device Magic organization

Click "Organization Settings" when logged in and then "SAML Settings".

Here you need to enter the three URLs and the fingerprint that you made a note of earlier.

Save and then log out. Visit https://www.devicemagic.com/users/login and select "Log in with SSO".

Input your six-digit organization key found on your Dashboard.

If everything is set up correctly, you will get the Microsoft Sign in page where you can then log in using your SSO email and password.
