Enabling iOS Enrollment Authentication in Mobile Management 7.1 SP1 has been simplified from previous versions of 7.1. Here are the available fields:
What they do:
Enable Authentication Check - if this checkbox is selected, then the Management Agent on the iOS device is required to submit valid credentials upon enrollment. If this selection is not marked, any credentials (valid or invalid) may be used to enroll a device.
Domain - this should contain the domain your device authenticates against, e.g. "symantec" or "corp.symantec".
Extension - this contains the extension to your domain, e.g. "com" or "co.uk".
AD/LDAP Server - this is the LDAP server name that the MMS will query to validate the Authentication credentials. Only the system name is needed, not the FQDN of the system.
Allowed Groups - if this is left blank, then any user in the Domain can enroll a device. This can be populated with a list of groups, separated by the pipe character, e.g. "IT|Support|Sales" to limit which users can enroll a device.