As the group manager, you can configure Nomadesk, so that your managed users will have to authenticate to Microsoft Azure Active Directory, instead of using 'Nomadesk' (Email and password) authentication.
Keep in mind, that once you enable this, all the users in your managed group must have an Azure AD account, that has the same email address as they do on Nomadesk.
NOTE: when Azure AD is enable you are NOT able to log in offline, as the verification happens via Azure AD, which can't be done when offline.
Doing this requires some configuration in both Nomadesk (SAML settings), and your Azure AD.
1. login at https://manage.windowsazure.com
2. go to active directory
3. go to App registrations -> select New application registration
4. fill out the requested information and click create
- Name = Nomadesk
- Application type = Web app / API
- Sign-on URL = https://mynomadesk.com
5. under App registrations go to Endpoints
6. copy the Federation Metadata Document URL
7. go to myNomadesk.com (login with the group manager account)
8. go to Manage -> Group Settings -> Security Settings -> SAML
9. paste the Federation metadata URL from step 6 in the Identity provider metadata URL, click save and confirm
10. copy the Federation metadata URL that you get after step 9
11. go back to the Azure AD portal -> Active Directory -> App registrations -> select the Nomadesk app
12. go to keys -> fill out Nomadesk -> set the preferred expiry -> click Save
13. visit the URL from step 10 and download the file
14. open the file with a texeditor and copy the "SAML:2.0:bindings:HTTP-POST"-url
15. go to Reply URLs -> remove the pre-filled one there -> paste the "SAML:2.0:bindings:HTTP-POST"-url and click save (don't just copy paste the URL from step 10, but open it in a browser and downloaden the file to view its content)
16. go to Properties -> paste the Federation Metadata URL from step 10 in the App ID URL -> save
17. go to myNomadesk.com and log in -> you'll get an error message -> copy the link after reply address
18. go back to the Azure AD portal -> Active Directory -> App registrations -> select the Nomadesk app -> Reply URLs
19. paste the URL from the error from step 15 in the reply URLs
20. you can now log in correctly at myNomadesk.com