End User Experience on Windows Devices

Once SSO configuration is created, users can sign in to the application when authenticated. The document describes how Scalefusion authenticates any user using SSO Configuration when they try to sign in to Gmail on Windows devices.

Pre-requisites

1. SSO Configuration is created on Scalefusion Dashboard
2. Users have been assigned with the SSO configuration
3. Authenticator app is available on device (on device managed by Scalefusion and OneIdP user is logged in to the device) 
4. Scalefusion MDM agent is installed on device

Case 1: Device is Unmanaged (not enrolled with Scalefusion)

On Windows devices which are unmanaged you can sign in to the application with an OTP. Let us assume in the SSO configuration, the Conditional Access > Device Policy is configured to allow access to Gmail application If the device is managed by Scalefusion or an OTP using OneIdP Authenticator app from a managed device.

Prerequisite 

• One another device enrolled with Scalefusion having Authenticator app, should be available.

Steps

Following steps are to be performed on an unmanaged Windows device:

1. Open Chrome browser and type www.gmail.com in the address bar 
2. On the Sign in screen, enter your email (the user's email to which you have assigned the application in SSO configuration). Click Next
   
3. You will be redirected to OneIdP sign in page. Enter your email id and password and click on Sign In.
   
4. On the next screen, click on Check Compliance & Sign In
   
   
   
   
5. Please wait for the authentication.
   
   
   
6. On the next screen you will be asked to enter the OTP generated on Authenticator app. At this point, go to the device enrolled with Scalefusion and click on Authenticator app to get the OTP.
   Note: Here we have shown a Windows device enrolled in Scalefusion with SSO configurations applied. It can be any other device also managed by Scalefusion.
   
   
   
   
7. The OTP that is shown inside Authenticator app needs to be entered here on your unmanaged windows device. Enter OTP and click on Log in
   
   
   
   
8. Once authentication takes place, you will be signed in to Gmail with that user.
   

Case 2: Device is managed by Scalefusion

Let us assume in the SSO configuration, the Conditional Access > Device Policy is configured to allow access of application only if Device is managed by Scalefusion.

Prerequisite 

• Device should be enrolled with Scalefusion with Authenticator app on it.

Steps

Following steps are to be performed on a managed Windows device:

1. Open Chrome browser and type www.gmail.com in the address bar 
2. On the Sign in screen, enter your email (the user's email to which you have assigned the application in SSO configuration). Click Next
   
3. You will be redirected to OneIdP sign in page. Enter your email id and password and click on Sign In.
   
4. On the next screen, click on Check Compliance & Sign In
   
   
   
   
5. Please wait for the authentication.
   
   
   
6. You will get a pop-up to allow opening Gmail. Click on Open
   
   
   
7. Once authentication completes, you will be signed in to the gmail account.