For iOS, the default value would be set to com.apple. This parameter allows all apps that start with a particular prefix to participate in SSO. Value: Comma-delimited list of application bundle ID prefixes for the applications that are allowed to participate in SSO.MacOS BundleID : Enable SSO for all apps with a specific bundle ID prefix Can be configured not to participate in SSO by adding the bundle IDs of Safari and Safari View Service in AppBlockList. Safari and Safari View Service are allowed to participate in SSO by default. An allowlist is used to configure these applications to use the SSO plug-in. Microsoft has made it easy to configure the plug-in using Microsoft Intune. By using an MDM provider, you can turn on the SSO plug-in for your applications. Your organization likely uses the Authenticator app for scenarios like multifactor authentication (MFA), passwordless authentication, and conditional access. MDM-enrolled their device with your organization.Downloaded the Authenticator app on iOS or iPadOS, or downloaded the Intune Company Portal app on macOS.The SSO plug-in is installed automatically by devices that have: The SSO plug-in allows any application to participate in SSO even if it wasn't developed by using a Microsoft SDK like Microsoft Authentication Library (MSAL). You can add more configuration options to extend SSO functionality to other apps. Use the following deployment guides to enable the Microsoft Enterprise SSO plug-in using your chosen MDM solution: Intune: Team ID: This field isn't needed for iOS.Use the following parameters to configure the Microsoft Enterprise SSO plug-in and its configuration options. If you don't use Intune for MDM, you can configure an Extensible Single Sign On profile payload for Apple devices. Manual configuration for other MDM services The profile settings that enable the SSO plug-in are automatically applied to the group's devices the next time each device checks in with Intune. If the profile isn't already assigned, assign the profile to a user or device group.Configure the SSO app extension settings of a configuration profile.If you use Microsoft Intune as your MDM service, you can use built-in configuration profile settings to enable the Microsoft Enterprise SSO plug-in: Use the following information to enable the SSO plug-in by using MDM. This app is the Intune Company Portal app. A Microsoft application that provides the Microsoft Enterprise SSO plug-in for Apple devices must be installed on the device.macOS 10.15 or higher must be installed on the device.This app is the Microsoft Authenticator app. iOS 13.0 or higher must be installed on the device.Configuration must be pushed to the device to enable the Enterprise SSO plug-in.The device must be enrolled in MDM, for example, through Microsoft Intune.macOS 10.15 and later: Intune Company Portal app.iPadOS 13.0 and later: Microsoft Authenticator app.iOS 13.0 and later: Microsoft Authenticator app.The device must support and have an installed app that has the Microsoft Enterprise SSO plug-in for Apple devices:.To use the Microsoft Enterprise SSO plug-in for Apple devices: It is natively integrated with the MSAL, which provides a smooth native experience to the end user when the Microsoft Enterprise SSO plug-in is enabled.It extends SSO to applications that use OAuth 2, OpenID Connect, and SAML.It extends SSO to applications that don't yet use the Microsoft Authentication Library (MSAL).It can be enabled by any mobile device management (MDM) solution and is supported in both device and user enrollment.It provides SSO for Azure AD accounts across all applications that support the Apple Enterprise SSO feature.The Microsoft Enterprise SSO plug-in for Apple devices offers the following benefits: The Enterprise SSO plug-in is currently a built-in feature of the following apps: Microsoft worked closely with Apple to develop this plug-in to increase your application's usability while providing the best protection available. The plug-in provides SSO for even old applications that your business might depend on but that don't yet support the latest identity libraries or protocols. The Microsoft Enterprise SSO plug-in for Apple devices provides single sign-on (SSO) for Azure Active Directory (Azure AD) accounts on macOS, iOS, and iPadOS across all applications that support Apple's enterprise single sign-on feature.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |