This profile includes the settings to configure the SSO app extension on devices.
In the Jamf Pro portal, you create a Computer or Device configuration profile.

Create a single sign-on app extension configuration profile in Jamf Pro

To determine the correct SSO extension type for your scenario, use the following table:

Microsoft Enterprise SSO plug-in for Apple Devices
Uses the SSO Redirect SSO app extension type
Supports the following apps:
- Microsoft 365
- Apps, websites or services integrated with Azure AD

Single sign-on app extension with Kerberos
Supports the following apps:
- Apps, websites or services integrated with AD

For more information on the single sign-on extension, see Single sign-on app extension.

Be sure to create separate device profiles for each extension type you plan to use on your devices. The SSO Redirect and Kerberos extension types can both be used on a device at the same time.
On Apple devices, Apple requires that the SSO app extension and the app (Authenticator or Company Portal) be installed. Users don't need to use the Authenticator or Company Portal apps. The app just needs to be installed on the device. Jamf Pro and Intune integration for device compliance is not required to use the SSO app extension. In Jamf Pro, when you use the SSO app extension, you use the SSO or Kerberos Payload Type for authentication. The SSO app extension is designed to improve the sign-in experience for apps and websites that use these authentication methods. The Microsoft Enterprise SSO plug-in uses the SSO Payload Type with Redirect authentication.
To use the Microsoft Enterprise SSO plug-in for Apple devices:
- On iOS/iPadOS 13.0 and newer devices, install the Microsoft Authenticator app. The Microsoft Authenticator app can be installed manually by users, or by deploying the app through Jamf Pro. For information on how to install the Microsoft Authenticator app, see Jamf Pro's documentation.
- On macOS 10.15 and newer devices, install the Company Portal app. The Company Portal app can be installed manually by users, or by deploying the app through Jamf Pro. For a list of options on how to install the Company Portal app, see Jamf Pro's documentation.
The Microsoft Enterprise SSO plug-in (preview) provides single sign-on (SSO) to apps and websites that use Microsoft Azure Active Directory (Azure AD) for authentication, including Microsoft 365. This plug-in uses the Apple single sign-on app extension framework. It reduces the number of authentication prompts users get when using devices managed by Mobile Device Management (MDM), including Jamf Pro.

Once set up, apps that support the Microsoft Authentication Library (MSAL) automatically take advantage of the Microsoft Enterprise SSO plug-in (preview). Apps that don't support MSAL can be allowed to use the extension. Just add the application bundle ID or prefix to the extension configuration. For example, to allow a Microsoft app that doesn't support MSAL, add com.microsoft. They can bypass interactive sign-in prompts for the signed in user. For more information, see Microsoft Enterprise SSO plug-in for Apple devices - apps that don't use MSAL.