Enterprise Mobility Management uses a customer organization's Active Directory instance to identify the users invited to register their mobile devices. Security policies in Enterprise Mobility Management are applied to a device based on its association with an Active Directory user.
User records are imported into Enterprise Mobility Management from Active Directory.
The security group a user belongs to in Active Directory determines the policy profile they are assigned in Enterprise Mobility Management. Switching a user to a different security group in Active Directory reassigns that user to a different policy profile in Enterprise Mobility Management.
Devices are mapped to the users once they install and register the Kaseya Agent on their devices using the unique activation code emailed to them.
The user's mobile devices do not need access to Active Directory for authentication. An app request is sent from the device to Enterprise Mobility Management which relays the request to Active Directory.
The AD authentication component within Enterprise Mobility Management does not store any user credentials but only acts as a relay for AD authentication.
Creating Three Active Directory Security Groups
Enterprise Mobility Management requires three security groups be created in Active Directory. These map to three security policies in Enterprise Mobility Management:
High Security Policy
Medium Security Policy
Low Security Policy
All Active Directory user records intended for import into Enterprise Mobility Management must be included in one of these three security groups.
Open the Active Directory console and create a new organizational unit called Kaseya EMM Groups under the main domain.
Create three security groups under Kaseya EMM Groups. Name them High Security Group, Medium Security Group and Low Security Group.
Note:You may name these security groups differently. But for ease of mapping with Enterprise Mobility Management, we recommend using these names.
Right click each of the three Kaseya EMM Groups, then click the Properties option. Open the Members tab, then click the Add button.
Search for users in Active Directory to add to each of the three Kaseya EMM Groups.
Now you have created the three EMM security groups (High Medium and Low) and mapped appropriate users to them.
Once the configuration is complete, make note of the following. This information is required to connect to any instance of Active Directory you intend to associate with an organization within Enterprise Mobility Management.
The domain name or IP address of the Active Directory server.
Ensure the Active Directory instance can be accesssed from the VSA. Only the TLS protocol and port 389 are supported at this time.
The base DN (distinguished name) to search for: Example: OU=Kaseya EMM Groups,DC=company,DC=com
The credential to use to authenticate read access to this distinguished name. A dedicated credential is recommended.
