Microsoft Authenticator SSO

Use Microsoft Entra ID to perform Single Sign On Authentication for your Android devices (without the usage of Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator feature).

Important: Once you Save and Assign this profile to a set of devices, you must create and configure an app policy using the Microsoft Authenticator app for the same set of devices.

Directory details

Important: Both Directory status and Conditional Access status must have matching Tenant ID.


Directory status	Select Manage to manage custom connections to Microsoft Entra ID. From the Manage Directory dialog box, select to add a Microsoft Entra ID tenant. From the Microsoft Entra ID Connection dialog box, enter a name for the connection. For the Microsoft Graph API Address field, the default value of https://graph.microsoft.com is the root endpoint address for Microsoft's Graph REST API service. You do not need to change/update this value unless Microsoft updates the Graph REST API service endpoint address. Then select to add a Microsoft Entra Tenant and then enter the following details: Enter a Name for the Tenant ID Configuration. Enter the Primary Domain and the Microsoft Entra tenant ID. You can find these in the Primary domain and Tenant ID fields in the Microsoft Entra ID Overview in Azure. See Microsoft Entra ID Overview for details. Enter the Metadata Endpoint Addressfrom Microsoft Entra ID in Mobility (MDM and MAM). See Microsoft Entra ID Overview for details. Optional: Select in the Custom Microsoft Entra ID Applications section, then enter the following fields: Enter an Application Name for the application. Enter the Client ID for the application from the Microsoft Entra ID in Mobility (MDM and MAM). See Microsoft Entra ID On-premises MDM application settings for details. Enter the Client Secret for the application from the Microsoft Entra ID in Mobility (MDM and MAM). See Microsoft Entra ID On-premises MDM application settings for details. Select Save. Then for each Microsoft Entra Tenant, select an application from the Application Name dropdown list.

Conditional Access details


Conditional Access status	Select Manage to view and manage SOTI MobiControl's connection with Microsoft Entra ID. From the Manage Microsoft integration dialog box, select Add credentials. Then enter your name and Microsoft Entra Tenant ID. Tip: If you have configured a directory connection earlier, you have the option to Populate the tenant ID from it. Tip: To locate your Tenant ID, open Home > Microsoft Entra from Microsoft Entra ID and log in with an Administrator account. Navigate to Microsoft Entra ID > Overview. You can see your Tenant ID under Basic Information. Once you select Save. A Microsoft Sign In message appears. Select Continue, then enter your Microsoft account details and complete the consent process. Then select Sync to complete the integration. You can also select Delete Credentials to remove the existing credentials to add a new one.