Microsoft Single Sign On (SSO) for macOS.
  • 14 Aug 2024


Introduction

The Microsoft Enterprise SSO plug-in for Apple devices provides single sign-on (SSO) for Microsoft Entra accounts on macOS, iOS and iPadOS across all applications that support Apple's enterprise single sign-on feature. Users can now log in to their Mac computers using Identity Provider (IdP) credentials, such as Microsoft Entra ID or Azure AD, and subsequently sign in to corporate apps and websites automatically.

If you use Microsoft Entra/Azure and want your users to have single sign-on across all applications, Microsoft offers a solution through the Company Portal app. This document explains how to use this capability.

To learn more about Microsoft Enterprise SSO, see the Microsoft documentation:

https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin

https://learn.microsoft.com/en-us/mem/intune/configuration/use-enterprise-sso-plug-in-macos-with-intune?tabs=prereq-other-mdm%2Ccreate-profile-other-mdm

Prerequisites

  1. macOS 10.15 or higher must be installed on the device.

  2. A Microsoft application that provides the Microsoft Enterprise SSO plug-in for Apple devices must be installed on the device. This app is the Intune Company Portal app.

Steps to make this feature work with Scalefusion

  • Step 1: Install Intune Company Portal (ICP) app on the Mac device(s).

  • Step 2: Push the Custom Payload to Mac device(s).

Step 1: Install Intune Company Portal app on the Mac device(s).

  1. Download the Intune Company Portal (ICP) app PKG file from the following link: https://officecdn.microsoft.com/pr/C1297A47-86C4-4C1F-97FA-950631F94777/MacAutoupdate/CompanyPortal-Installer.pkg

  2. Log in to your Scalefusion dashboard and navigate to the Application Management > Enterprise Store section.

  3. Click on Upload New App button > click on Upload macOS App.

  4. Click on Upload PKG file.

  5. Upload the previously downloaded ICP PKG file.

  6. Once the file is uploaded, click on Save.

  7. Publish the PKG file on the Device Profile for Mac device(s).

Step 2: Push the Custom Payload to Mac device(s).

  1. Copy the contents below and add them to Custom Settings in the Device Profile, or click here to download the file and import it into the Device Profile.

    <plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>ExtensionData</key>
                <dict>
                    <key>useSiteAutoDiscovery</key>
                    <true/>
                </dict>
                <key>ExtensionIdentifier</key>
                <string>com.microsoft.CompanyPortalMac.ssoextension</string>
                <key>TeamIdentifier</key>
                <string>UBF8T346G9</string>
                <key>URLs</key>
                <array>
                  <string>https://login.microsoftonline.com</string>
                  <string>https://login.microsoft.com</string>
                  <string>https://sts.windows.net</string>
                  <string>https://login.partner.microsoftonline.cn</string>
                  <string>https://login.chinacloudapi.cn</string>
                  <string>https://login.microsoftonline.us</string>
                  <string>https://login-us.microsoftonline.com</string>
                </array>
                <key>Type</key>
                <string>Redirect</string>
                <key>PayloadIdentifier</key>
                <string>com.example.myessopayload</string>
                <key>PayloadType</key>
                <string>com.apple.extensiblesso</string>
                <key>PayloadUUID</key>
                <string>dbed949d-39a2-440d-a84b-e0c825cdcb2e</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadDisplayName</key>
                <string>P1Extensible SSO</string>
            </dict>
        </array>
        <key>PayloadDisplayName</key>
        <string>Extensible SSO</string>
        <key>PayloadIdentifier</key>
        <string>com.example.myprofile</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>da3bbbec-a753-4aa7-aeae-a74b7a65c0b5</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
    </plist>

  2. Follow our guide on how to add the Custom Payload in the Device Profile & deploy it to devices.

Notes:

  1. The Payload and its contents are sourced from various, albeit authenticated, Apple Developer communities and forums.

  2. Please validate them on a test machine before deploying them on all your managed devices.

  3. Scalefusion has tested these Payloads; however, Scalefusion will not be responsible for any loss of data or system malfunction that may arise due to the incorrect usage of these payloads.
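
A pre-deployment check for the validation step in the notes above, as an added example (not Scalefusion's or Microsoft's code): it parses a profile and compares the SSO payload's type, extension identifier, team identifier and URL list against the values shown on this page. The function names and the sample profile are constructed for illustration.

```python
import plistlib

# Expected values are copied from the payload shown on this page.
EXT_ID = "com.microsoft.CompanyPortalMac.ssoextension"
TEAM_ID = "UBF8T346G9"
URLS = {
    "https://login.microsoftonline.com",
    "https://login.microsoft.com",
    "https://sts.windows.net",
    "https://login.partner.microsoftonline.cn",
    "https://login.chinacloudapi.cn",
    "https://login.microsoftonline.us",
    "https://login-us.microsoftonline.com",
}
PINNED = (("Type", "Redirect"), ("ExtensionIdentifier", EXT_ID),
          ("TeamIdentifier", TEAM_ID))


def check_sso_profile(data: bytes) -> list:
    """Return findings; an empty list means the payload matches the page."""
    try:
        profile = plistlib.loads(data.strip())
    except Exception as exc:  # malformed XML or not a plist at all
        return [f"unparseable plist: {exc!r}"]
    content = profile.get("PayloadContent") if isinstance(profile, dict) else None
    sso = [p for p in (content if isinstance(content, list) else [])
           if isinstance(p, dict) and p.get("PayloadType") == "com.apple.extensiblesso"]
    if len(sso) != 1:
        return [f"expected 1 com.apple.extensiblesso payload, found {len(sso)}"]
    findings = [f"{key} is {sso[0].get(key)!r}, expected {want!r}"
                for key, want in PINNED if sso[0].get(key) != want]
    urls = sso[0].get("URLs")
    got = {u for u in (urls if isinstance(urls, list) else []) if isinstance(u, str)}
    # Every listed URL prefix is routed to the extension, so extras matter.
    findings += [f"unexpected URL: {u}" for u in sorted(got - URLS)]
    findings += [f"missing URL: {u}" for u in sorted(URLS - got)]
    return findings


def sample_profile(team=TEAM_ID, extra_urls=()) -> bytes:
    """Constructed sample input with the same structure as the page's payload."""
    payload = {"PayloadType": "com.apple.extensiblesso", "Type": "Redirect",
               "ExtensionIdentifier": EXT_ID, "TeamIdentifier": team,
               "URLs": sorted(URLS) + list(extra_urls), "PayloadVersion": 1}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_profile()
    print("\n".join(check_sso_profile(data)) or "OK: matches the documented payload")
```

Run it with the path to the saved payload file as the only argument; with no argument it checks the constructed sample.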

End user experience.

  1. The Intune Company Portal app does not require active use; it merely needs to be installed on the device.

  2. To initiate the extension, users sign in to any supported app or website, facilitating the bootstrap process, which configures the extension during the initial sign-in.

  3. Upon successful sign-in, the extension seamlessly and automatically authenticates users across all other supported apps or websites.

You can test single sign-on by opening Safari in private mode and opening the https://portal.office.com site. No username and password will be required.

If you encounter any difficulties or have questions, please reach out to our Support team at: support@scalefusion.com

