The Microsoft Enterprise SSO plug-in provides single sign-on (SSO) to apps and websites that use Microsoft Entra ID for authentication, including Microsoft 365. This plug-in uses the Apple single sign-on app extension framework. It reduces the number of authentication prompts users get when using devices managed by Mobile Device Management (MDM), including any MDM that supports configuring SSO profiles.

Once set up, apps that support the Microsoft Authentication Library (MSAL) automatically take advantage of the Microsoft Enterprise SSO plug-in. Apps that don't support MSAL can be allowed to use the extension, including browsers like Safari and apps that use Safari web view APIs. Just add the application bundle ID or prefix to the extension configuration.

For example, to allow a Microsoft app that doesn't support MSAL, add com.microsoft. Be careful with the apps you allow: they'll be able to bypass interactive sign-in prompts for the signed-in user.

For more information, see Microsoft Enterprise SSO plug-in for Apple devices - apps that don't use MSAL.

This article shows how to deploy the Microsoft Enterprise SSO plug-in for iOS/iPadOS Apple devices with Intune, Jamf Pro, and other MDM solutions.

To use the Microsoft Enterprise SSO plug-in on iOS/iPadOS devices:

- The device is managed by a mobile device management (MDM) provider solution.
- The MDM solution must support configuring Single Sign-on MDM payload settings for Apple devices with a device policy.
- The Microsoft Authenticator app must be installed on the device. Users can install the Microsoft Authenticator app manually. Or, admins can deploy the app using an MDM policy:
  - Using Intune: for information on how to install the Microsoft Authenticator app, go to Manage Apple volume-purchased apps.
  - Using Jamf Pro: for a list of options on how to install the Microsoft Authenticator app, go to Managing macOS installers using Jamf Pro (opens Jamf Pro's web site).
- Jamf Pro and Intune integration for device compliance is not required to use the SSO app extension.

On iOS/iPadOS devices, Apple requires that the SSO app extension and the Microsoft Authenticator app be installed. Users don't need to use or configure the Microsoft Authenticator app; it just needs to be installed on the device.

When you use the SSO app extension, you use the SSO or Kerberos Payload Type for authentication. The SSO app extension is designed to improve the sign-in experience for apps and websites that use these authentication methods. The Microsoft Enterprise SSO plug-in uses the SSO Payload Type with Redirect authentication.

The SSO Redirect and Kerberos extension types can both be used on a device at the same time. Be sure to create separate device profiles for each extension type you plan to use on your devices.

To determine the correct SSO extension type for your scenario, use the following table:

| Microsoft Enterprise SSO plug-in for Apple Devices | Single sign-on app extension with Kerberos |
| --- | --- |
| Uses the Microsoft Entra ID SSO app extension type | |
| Supports the following apps: Microsoft 365; apps, websites or services integrated with Microsoft Entra ID | Supports the following apps: apps, websites or services integrated with AD |

For more information on the single sign-on extension, go to Single sign-on app extension.

Create a single sign-on app extension configuration profile

In the Microsoft Intune admin center, create a device configuration profile. This profile includes the settings to configure the SSO app extension on devices.

- Sign in to the Microsoft Intune admin center.
- Profile type: Select Templates > Device features.
- In Basics, enter the following properties:
  - Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name is iOS: Microsoft Enterprise SSO plug-in.
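
To review which apps have been granted the prompt bypass described above, the following added example (not from the original article or from Microsoft) audits an exported configuration profile for allow-list entries. The sample profile is constructed, the ExtensionData key names (AppPrefixAllowList, AppAllowList, Enable_SSO_On_All_ManagedApps) come from Microsoft's plug-in documentation rather than this page, and the severity rules are assumptions.

```python
import plistlib

# Constructed sample profile (not from the page). Key names follow Microsoft's
# published plug-in settings; verify them against your own exported profile.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.extensiblesso</string>
    <key>Type</key><string>Redirect</string>
    <key>ExtensionData</key><dict>
      <key>AppPrefixAllowList</key><string>com.microsoft.,com.</string>
      <key>AppAllowList</key><string>com.example.legacyapp</string>
      <key>Enable_SSO_On_All_ManagedApps</key><integer>1</integer>
    </dict>
  </dict></array>
</dict></plist>"""

def _split(value):
    """Comma-delimited string -> list of trimmed, non-empty entries."""
    return [v.strip() for v in str(value or "").split(",") if v.strip()]

def audit_sso_profile(raw):
    """Return (severity, message) findings for each extensible SSO payload."""
    findings = []
    for payload in plistlib.loads(raw).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.extensiblesso":
            continue
        data = payload.get("ExtensionData", {})
        for prefix in _split(data.get("AppPrefixAllowList")):
            # A prefix with fewer than two labels (e.g. "com.") matches nearly
            # every bundle ID, so almost any app would skip sign-in prompts.
            labels = [p for p in prefix.split(".") if p]
            sev = "HIGH" if len(labels) < 2 else "REVIEW"
            findings.append((sev, f"prefix allow-listed: {prefix}"))
        for bundle in _split(data.get("AppAllowList")):
            findings.append(("REVIEW", f"app allow-listed: {bundle}"))
        if int(data.get("Enable_SSO_On_All_ManagedApps", 0)) == 1:
            findings.append(("REVIEW", "SSO enabled for all managed apps"))
    return findings

if __name__ == "__main__":
    for sev, msg in audit_sso_profile(SAMPLE_PROFILE):
        print(f"{sev:6} {msg}")
```

Every REVIEW line is an app or prefix that should have a named owner and a reason for not using MSAL; a HIGH line is a prefix broad enough to cover third-party apps.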