Connect Microsoft Entra ID for Microsoft Authenticator SSO (iOS/iPadOS)

Set up a trusted connection between SOTI MobiControl and Microsoft Entra ID to support device registration and Single Sign-On (SSO) for Microsoft apps.

Before you begin

Ensure you have already added the Microsoft Authenticator SSO payload to a Reactive iOS profile. See Add a Microsoft Authenticator SSO Payload (iOS/iPadOS).

About this task

This is the second step in the Microsoft Authenticator SSO configuration. See Configuring Microsoft Authenticator Single Sign-On (iOS/iPadOS). In this step, you connect your Microsoft Entra ID tenant to SOTI MobiControl by defining directory and tenant settings. This connection allows devices to register with Entra ID and enables authentication through the Microsoft SSO app.

Procedure

  1. In the Directory Details section of your Microsoft Authenticator SSO payload, select Manage to open the Manage Directory window.
    Managing your Microsoft SSO directory connection.
  2. Select (Add) to create a new Microsoft Entra ID connection.
    Adding a directory connection.
  3. In the Microsoft Entra ID Connection dialog box, enter the following:
    • A name for the connection.
    • Microsoft Graph API Address: https://graph.microsoft.com (default).
    Adding a new connection.
  4. Select (Add) to define the tenant details:
    • Primary Domain: The domain assigned to your Entra ID tenant.
    • Microsoft Entra Tenant ID: The tenant ID of your enterprise Microsoft Entra instance.
    • Metadata Endpoint Address: The URL provided by Microsoft Entra ID that exposes your tenant’s federation and configuration details in XML format.
    Adding in the directory connection's configuration details.
    Tip: To find your Microsoft Entra ID tenant details:
    1. Navigate to the Microsoft Entra admin center in the Azure portal (https://portal.azure.com/#home).
    2. Go to Entra ID → Overview and copy the Primary domain and Tenant ID values from the Basic Information section.
      Overview screen in the Azure Portal
    3. To find the Metadata endpoint address, go to App registrations → Endpoints in your Microsoft Entra ID tenant and copy the Federation Metadata document URL value.
      Microsoft Entra ID on-premises MDM applications settings.
      Microsoft Entra ID Endpoints screen.
  5. Select Save to save the Entra ID connection.
    Saving the directory connection.
  6. Assign the default Microsoft SSO application that was added automatically by selecting it in the Application Name list.
    Selecting the saved connection and the default Microsoft SSO application.
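
The tenant values entered in steps 3 and 4 can be cross-checked before saving. The following is an added example, not part of the SOTI documentation or product: the function name and sample values are constructed, and it assumes the global Microsoft cloud, where the Federation Metadata document is served from login.microsoftonline.com and its entityID ends with the tenant ID.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
MD_TAG = "{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"

# Constructed sample values, not a real tenant.
TENANT = "11111111-2222-3333-4444-555555555555"
PRIMARY = "contoso.example"
META_URL = ("https://login.microsoftonline.com/" + TENANT +
            "/federationmetadata/2007-06/federationmetadata.xml")
SAMPLE_XML = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
              'entityID="https://sts.windows.net/' + TENANT + '/"/>')

def check_tenant_settings(primary_domain, tenant_id, metadata_url,
                          graph_url="https://graph.microsoft.com",
                          metadata_xml=None):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if not GUID.match(tenant_id):
        problems.append("tenant ID is not a GUID")
    if not DOMAIN.match(primary_domain):
        problems.append("primary domain is not a valid DNS name")
    if graph_url.rstrip("/") != "https://graph.microsoft.com":
        problems.append("Graph API address differs from the documented default")
    url = urlsplit(metadata_url)
    if url.scheme != "https":
        problems.append("metadata endpoint is not HTTPS")
    # Assumption: global cloud; national clouds use other sign-in hosts.
    if (url.hostname or "").lower() != "login.microsoftonline.com":
        problems.append("metadata host is not login.microsoftonline.com")
    segments = [s for s in url.path.split("/") if s]
    if not segments or segments[0].lower() != tenant_id.lower():
        problems.append("metadata URL path does not name this tenant ID")
    if not url.path.lower().endswith("/federationmetadata.xml"):
        problems.append("URL is not a Federation Metadata document")
    if metadata_xml is not None:
        # Optional: compare the tenant inside an already downloaded document.
        try:
            root = ET.fromstring(metadata_xml)
            entity = root.get("entityID", "") if root.tag == MD_TAG else ""
        except ET.ParseError:
            entity = ""
        if not entity.rstrip("/").lower().endswith("/" + tenant_id.lower()):
            problems.append("metadata entityID does not match this tenant ID")
    return problems

if __name__ == "__main__":
    print(check_tenant_settings(PRIMARY, TENANT, META_URL, metadata_xml=SAMPLE_XML))
```

An empty list means the three values describe the same tenant; any message points at the field to re-copy from the Entra admin center.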

Results

A Configured status appears in the Directory Details section once connected.
The Connection with Microsoft Single Sign-On appears with a configured status.

What to do next

Continue the Microsoft Authenticator SSO setup for your iOS/iPadOS devices by configuring Microsoft Conditional Access. See Configure Conditional Access for Microsoft Authenticator SSO (iOS/iPadOS).