As the group manager, you can configure Nomadesk so that your managed users authenticate against Microsoft Azure Active Directory instead of using 'Nomadesk' (email and password) authentication.
Keep in mind that once you enable this, every user in your managed group must have an Azure AD account with the same email address as their Nomadesk account.
This requires configuration in both Nomadesk (SAML settings) and your Azure AD.
1. Log in at https://manage.windowsazure.com
2. Go to Active Directory
3. Go to App registrations -> select New application registration
4. Fill out the requested information and click Create
   - Name = Nomadesk
   - Application type = Web app / API
   - Sign-on URL = https://mynomadesk.com
5. Under App registrations, go to Endpoints
6. Copy the Federation Metadata Document URL
7. Go to myNomadesk.com (log in with the group manager account)
8. Go to Manage -> Group Settings -> Security Settings -> SAML
9. Paste the Federation metadata URL from step 6 in the Identity provider metadata URL, click Save and confirm
10. Copy the Federation metadata URL that you get after step 9
11. Go back to the Azure AD portal -> Active Directory -> App registrations -> select the Nomadesk app
12. Go to Keys -> fill out Nomadesk -> set the preferred expiry -> click Save
13. Go to Reply URLs -> remove the pre-filled one -> paste the "SAML:2.0:bindings:HTTP-POST" URL from the document you downloaded by visiting the Identity provider metadata URL from step 10 -> click Save
14. Go to Properties -> paste the Federation Metadata URL from step 10 in the App ID URL -> Save
15. Go to myNomadesk.com and log in -> you'll get an error message -> copy the link that follows "reply address"
16. Go back to the Azure AD portal -> Active Directory -> App registrations -> select the Nomadesk app -> Reply URLs
17. Paste the URL from the error message in step 15 in the Reply URLs
18. You can now log in correctly at myNomadesk.com
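
For step 13, the reply URL can be read out of the downloaded metadata document programmatically rather than by eye. The following is an added example, not Nomadesk or Microsoft code: it assumes the document is standard SAML 2.0 service provider metadata in which the reply URL is the `Location` of the `AssertionConsumerService` element with the HTTP-POST binding; the function name and the sample document (placeholder hosts) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; hosts and paths are placeholders.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.invalid/saml/artifact"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def http_post_reply_urls(metadata_xml: bytes) -> list:
    """Return the HTTPS Location of every HTTP-POST AssertionConsumerService."""
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in metadata_xml or b"<!ENTITY" in metadata_xml:
        raise ValueError("unexpected DTD or entity declaration in metadata")
    root = ET.fromstring(metadata_xml)
    urls = []
    # Only AssertionConsumerService counts: a logout endpoint may share the binding.
    for acs in root.iter("{%s}AssertionConsumerService" % MD_NS):
        if acs.get("Binding") != HTTP_POST:
            continue
        location = acs.get("Location", "")
        parts = urlsplit(location)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError("refusing non-HTTPS reply URL: %r" % location)
        urls.append(location)
    if not urls:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    return urls


if __name__ == "__main__":
    for url in http_post_reply_urls(SAMPLE_METADATA):
        print(url)
```

Comparing its output with the address shown in the error message in step 15 confirms that the reply URL registered in Azure AD is the one Nomadesk actually uses.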