(112) Microsoft Intune - iOS SSO Plug-in
- Mr B SOE way
- Mar 11, 2024
The Microsoft Enterprise SSO plug-in provides single sign-on (SSO) to apps and websites that use Microsoft Entra ID for authentication, including Microsoft 365. This plug-in uses the Apple single sign-on app extension framework. It reduces the number of authentication prompts users get when using devices managed by Mobile Device Management (MDM), including any MDM that supports configuring SSO profiles.
Once set up, apps that support the Microsoft Authentication Library (MSAL) automatically take advantage of the Microsoft Enterprise SSO plug-in. Apps that don't support MSAL can be allowed to use the extension, including browsers like Safari and apps that use Safari web view APIs. Just add the application bundle ID or prefix to the extension configuration.
Instructions:
Navigate to https://intune.microsoft.com/ > Devices > iOS/iPadOS > Create > Templates > Device Features > expand Single sign-on app extension.
Select the following:
- SSO app extension type: Microsoft Entra ID
- Enable shared device mode: Not configured
- Apple bundle IDs:
  - com.apple.mobilesafari
  - com.microsoft.CompanyPortal
  - com.microsoft.azureauthenticator
  - com.microsoft.msedge
  - com.microsoft.skydrive
  - com.microsoft.Office.Outlook
  - com.microsoft.skype.teams
  - com.microsoft.scmx
- Additional configuration:
  - Key: AppPrefixAllowList
    - Type: String
    - Value: com.microsoft.,com.apple.
  - Key: browser_sso_interaction_enabled
    - Type: Integer
    - Value: 1
  - Key: disable_explicit_app_prompt
    - Type: Integer
    - Value: 1
End result will look like this
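To review which installed apps the bundle ID list and the AppPrefixAllowList value above would allow to use the extension, the following added example (not part of the original post) classifies a device inventory against both settings. The inventory is constructed, and the matching rule (exact match for listed IDs, plain starts-with for prefixes) is an assumption of this sketch.

```python
# Added example (not from the original post). Settings copied from this page.
BUNDLE_IDS = {
    "com.apple.mobilesafari", "com.microsoft.CompanyPortal",
    "com.microsoft.azureauthenticator", "com.microsoft.msedge",
    "com.microsoft.skydrive", "com.microsoft.Office.Outlook",
    "com.microsoft.skype.teams", "com.microsoft.scmx",
}
APP_PREFIX_ALLOW_LIST = "com.microsoft.,com.apple."

# Constructed inventory of installed apps; the last three IDs are made up.
SAMPLE_INVENTORY = [
    "com.microsoft.msedge",
    "com.microsoft.Office.Word",
    "com.apple.mobilemail",
    "com.applestore.example",
    "com.microsoftware.example",
    "org.example.notes",
]

def parse_prefixes(value):
    """Split the comma-separated AppPrefixAllowList string, dropping blanks."""
    return [p.strip() for p in value.split(",") if p.strip()]

def classify(bundle_id, explicit=BUNDLE_IDS, prefix_value=APP_PREFIX_ALLOW_LIST):
    """Return 'explicit', 'prefix:<matched prefix>' or 'not-covered'.

    Assumption: exact, case-sensitive match for listed IDs and a plain
    starts-with match for prefixes.
    """
    if bundle_id in explicit:
        return "explicit"
    for prefix in parse_prefixes(prefix_value):
        if bundle_id.startswith(prefix):
            return "prefix:" + prefix
    return "not-covered"

def prefix_only(inventory):
    """Apps allowed solely by a prefix, i.e. never named by the admin."""
    return [b for b in inventory if classify(b).startswith("prefix:")]

if __name__ == "__main__":
    for app in SAMPLE_INVENTORY:
        print(f"{app:32} {classify(app)}")
    print("review:", prefix_only(SAMPLE_INVENTORY))
```

The trailing dot in each prefix is what keeps look-alike IDs such as the constructed com.applestore.example out of scope; the apps returned by prefix_only are the ones worth reviewing, since they are allowed without having been listed individually.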