cardanna.blogg.se

Jamf azure ad









The Microsoft Enterprise SSO plug-in provides single sign-on (SSO) to apps and websites that use Microsoft Azure Active Directory (Azure AD) for authentication, including Microsoft 365. This plug-in uses the Apple single sign-on app extension framework. It reduces the number of authentication prompts users get when using devices managed by Mobile Device Management (MDM), including any MDM that supports configuring SSO profiles.

Once set up, apps that support the Microsoft Authentication Library (MSAL) automatically take advantage of the Microsoft Enterprise SSO plug-in. Apps that don't support MSAL can be allowed to use the extension, including browsers like Safari and apps that use Safari web view APIs. Just add the application bundle ID or prefix to the extension configuration.

For example, to allow a Microsoft app that doesn't support MSAL, add the prefix com.microsoft. (including the trailing period). Be careful with the apps you allow, because they'll be able to bypass interactive sign-in prompts for the signed-in user.

For more information, see Microsoft Enterprise SSO plug-in for Apple devices - apps that don't use MSAL.

This article shows how to deploy the Microsoft Enterprise SSO plug-in for macOS Apple devices with Intune, Jamf Pro, and other MDM solutions.

To use the Microsoft Enterprise SSO plug-in on macOS devices:

  • On macOS devices, Apple requires the Company Portal app be installed. Users don't need to use or configure the Company Portal app; it just needs to be installed on the device.

When you use the SSO app extension, you use the SSO or Kerberos Payload Type for authentication. The SSO app extension is designed to improve the sign-in experience for apps and websites that use these authentication methods.

The Microsoft Enterprise SSO plug-in uses the SSO Payload Type with Redirect authentication. The SSO Redirect and Kerberos extension types can both be used on a device at the same time. Be sure to create separate device profiles for each extension type you plan to use on your devices.

To determine the correct SSO extension type for your scenario, use the following comparison:

Microsoft Enterprise SSO plug-in for Apple Devices

  • Uses the Microsoft Azure AD SSO app extension type
  • Supports the following apps:
      • Microsoft 365
      • Apps, websites or services integrated with Azure AD

Single sign-on app extension with Kerberos

  • Supports the following apps:
      • Apps, websites or services integrated with AD

For more information on the single sign-on extension, go to Single sign-on app extension.

Create a single sign-on app extension configuration profile

In the Microsoft Intune admin center, create a device configuration profile. This profile includes the settings to configure the SSO app extension on devices.

  • Sign in to the Microsoft Intune admin center.
  • Select Devices > Configuration profiles > Create profile.
  • Profile: Select Templates > Device features.
  • In Basics, enter the following properties:
      • Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name is macOS: Microsoft Enterprise SSO plug-in.
      • Description: Enter a description for the policy. This setting is optional, but recommended.
  • In Configuration settings, select Single sign-on app extension, and configure the following properties:
      • SSO app extension type: Select Microsoft Azure AD.
      • App bundle ID: Enter a list of bundle IDs for apps that don't support MSAL and are allowed to use SSO. For more information, go to Applications that don't use MSAL.
      • Additional configuration: To customize the end user experience, you can add the following properties. These properties are the default values used by the Microsoft SSO Extension, but they can be customized for your organization's needs. For the key that takes app prefixes, the recommended value is com.microsoft.,com.apple. Enter a list of prefixes for apps that don't support MSAL and are allowed to use SSO. For example, enter com.microsoft.,com.apple. Be sure these apps meet the allowlist requirements.








