![]() ![]() Supports the following apps: - Apps, websites or services integrated with ADįor more information on the single sign-on extension, see Single sign-on app extension. Supports the following apps: - Microsoft 365 - Apps, websites or services integrated with Azure AD Uses the SSO Redirect SSO app extension type Single sign-on app extension with Kerberos ![]() To determine the correct SSO extension type for your scenario, use the following table: Microsoft Enterprise SSO plug-in for Apple Devices Be sure to create separate device profiles for each extension type you plan to use on your devices. The SSO Redirect and Kerberos extension types can both be used on a device at the same time. The Microsoft Enterprise SSO plug-in uses the SSO Payload Type with Redirect authentication. The SSO app extension is designed to improve the sign-in experience for apps and websites that use these authentication methods. In Jamf Pro, when you use the SSO app extension, you use the SSO or Kerberos Payload Type for authentication. Jamf Pro and Intune integration for device compliance is not required to use the SSO app extension. The app just need to be installed on the device. Users don't need to use the Authenticator or Company Portal apps. On Apple devices, Apple requires that the SSO app extension and the app (Authenticator or Company Portal) be installed. For a list of options on how to install the Company Portal app, see Jamf Pro's documentation. The Company Portal app can be installed manually by users, or by deploying the app through Jamf Pro. On macOS 10.15 and newer devices, install the Company Portal app. For information on how to install the Microsoft Authenticator app, see Jamf Pro's documentation. The Microsoft Authenticator app can be installed manually by users, or by deploying the app through Jamf Pro. ![]() ![]() On iOS/iPadOS 13.0 and newer devices, install the Microsoft Authenticator app. To use the Microsoft Enterprise SSO plug-in for Apple devices: Supplemental Terms of Use for Microsoft Azure Previews.Certain features might not be supported or might have restricted behavior. It's not recommended to use in production. This preview version is provided without a service level agreement (SLA). The Microsoft Enterprise SSO plug-in for Apple Devices is in public preview. This article shows how to deploy the Microsoft Enterprise SSO plug-in (preview) for Apple Devices with Jamf Pro. They can bypass interactive sign-in prompts for the signed in user.įor more information, see Microsoft Enterprise SSO plug-in for Apple devices - apps that don't use MSAL. Just add the application bundle ID or prefix to the extension configuration.įor example, to allow a Microsoft app that doesn't support MSAL, add com.microsoft. Apps that don't support MSAL can be allowed to use the extension. Once set up, apps that support the Microsoft Authentication Library (MSAL) automatically take advantage of the Microsoft Enterprise SSO plug-in (preview). It reduces the number of authentication prompts users get when using devices managed by Mobile Device Management (MDM), including Jamf Pro. This plug-in uses the Apple single sign-on app extension framework. IPads that are associated with the PreStage enrollment and meet Shared iPad requirements are enrolled with Jamf Pro as Shared iPad.The Microsoft Enterprise SSO plug-in (preview) provides single sign-on (SSO) to apps and websites that use Microsoft Azure Active Directory (Azure AD) for authentication, including Microsoft 365. The mobile devices listed on the Scope tab are the mobile devices that are associated with Automated Device Enrollment (formerly DEP) via the server token file (.p7m) you downloaded from Apple. (In Jamf Pro 10.12.0 or earlier, the maximum number of user accounts is 10.)Ĭlick the Scope tab and configure the scope of the PreStage enrollment by selecting the checkbox next to each iPad that you want to add to the scope. This limits the number of user accounts that can be stored locally on the iPad. Use the General payload to enable Shared iPad.Įnter the maximum number (up to 99) of users accounts that can be stored with Shared iPad using the Number of users text field. If you are editing an existing PreStage enrollment, click the PreStage enrollment you want to edit, and then click Edit. For additional instructions on creating a new PreStage enrollment, see Mobile Device PreStage Enrollments in the Jamf Pro Administrator’s Guide. If you are creating a new PreStage enrollment, click New. ![]()
0 Comments
Leave a Reply. |