Configuring Entra ID for LDO SSO

This guide explains how to migrate Lenovo Device Orchestration (LDO) to Microsoft Entra ID. This process involves setting up a new app in Microsoft Entra, collecting necessary configuration data, and updating the authentication settings in LDO. Please note that this feature is available exclusively to Organization Admins.

Access the Organization Account in LDO

  1. Click the drop-down list at the top of the LDO portal and select “Configurations & Settings”.
  2. Select Organization Settings.


  3. Go to the Authentication tab.
  4. Click Change provider and follow the on-screen instructions.


Register the Application in Microsoft Entra

  1. Go to https://portal.azure.com/ and log in.
  2. Select Manage Microsoft Entra ID.


  3. Navigate to the App registrations page.
  4. Click New Registration to create a new app (client app).
    The Redirect URL can be entered later when you receive this value in an email/LDO dialog.

Collect Required Data

  1. After creating the new application, collect the required data to update the organization's authentication type to Microsoft Entra ID.
  2. Copy the Application (client) ID from the Microsoft Entra Portal Application Overview page.

Generate Client Secret

  1. Navigate to the Certificates & Secrets page.
  2. Create a new Client Secret and copy the secret value on that page. Note that the secret value must be copied, not the secret ID.

Obtain OpenID Connect metadata

  1. Navigate to Application Overview.
  2. Open the Endpoints tray. 
  3. Copy the OpenID Connect metadata document link.
  4. Open this link in a new browser tab and download the page info to your computer. This IDP Configuration file is required to change the organization authentication type to Microsoft Entra.
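
A pre-upload check for the saved IDP Configuration file, as an added example that is not part of the original guide or of LDO: it confirms the file is the raw JSON metadata, that the issuer and endpoints are HTTPS URLs on the expected Entra login host, and that the issuer is tenant-specific. The function name, the allowed-host set (public cloud only) and the sample documents are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Assumption: public-cloud Entra ID login host; extend for sovereign clouds.
EXPECTED_HOSTS = {"login.microsoftonline.com"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed samples (placeholder tenant GUID, not real tenant data).
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = "https://login.microsoftonline.com/" + TENANT
GOOD_SAMPLE = json.dumps({
    "issuer": BASE + "/v2.0",
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
})
BAD_SAMPLE = json.dumps({
    "issuer": "https://login.microsoftonline.com/{tenantid}/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "token_endpoint": "http://login.microsoftonline.com/common/oauth2/v2.0/token",
})


def check_idp_config(raw, allowed_hosts=EXPECTED_HOSTS):
    """Return a list of problems found in a saved OIDC metadata document."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError:
        # Typical when the browser saved an HTML page instead of the raw JSON.
        return ["file is not valid JSON"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]

    problems = []
    for key in ("issuer",) + ENDPOINT_KEYS:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing")
            continue
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(f"{key}: not an https URL")
        if url.hostname not in allowed_hosts:
            problems.append(f"{key}: unexpected host {url.hostname!r}")
    issuer = doc.get("issuer")
    if isinstance(issuer, str) and "{tenantid}" in issuer:
        # Multi-tenant metadata carries a template issuer, not your tenant's.
        problems.append("issuer: tenant placeholder, document is not tenant-specific")
    return problems
```

Run `check_idp_config(open(path, encoding="utf-8").read())` on the downloaded file; an empty list means none of these problems were found.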

Update Organization Authentication in LDO

  1. Enter Client ID and Client Secret, as shown below.
  2. Upload the IDP Configuration file and click Next.


  3. Copy the Redirect URL, either from the LDO dialog box or from the email that you will receive shortly after completing the above step.

Finalize Setup

  1. Navigate to App registrations and open your app page.
  2. Go to the Authentication section.
  3. Click Add a platform and select Web.
  4. Enter the Redirect URL.
  5. Save changes. 


Once all steps are complete, the Microsoft Entra ID setup is finished. Your organization can now use Microsoft Entra ID for authentication.