
I set up Platform SSO (enclave) and it works... okay. Outlook and OneDrive both still require me to enter the email address to begin. It's better than nothing, but deeper integration to capture username prompts would be great. And it would be ideal if we didn't need Company Portal to broker this login. Jamf Connect is already connected to Entra. So, it would be great if it could broker Platform SSO and autofill usernames in apps with the app prefixes defined in the profile.

You can do that by deploying a configuration profile with a custom payload of Plist.


Refer to the link below.


com.microsoft.Outlook
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DefaultEmailAddressOrDomain</key>
<string>$EMAIL</string>
</dict>
</plist>


com.microsoft.Office
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OfficeActivationEmailAddress</key>
<string>$EMAIL</string>
<key>OfficeAutoSignIn</key> <true/>
</dict>
</plist>

https://www.jamf.com/blog/help-users-activate-microsoft-office-365-and-configure-outlook-in-one-click/?_gl=1*8o84mo*_gcl_au*ODEwMDY1MDczLjE3MjY2MjkwMTM.*_ga*MjEwOTE2NzAzOS4xNzI0NTE4ODk4*_ga_X3RD84REYK*MTcyOTY3OTY4OC4xMTIuMS4xNzI5NjgwMjc2LjAuMC4w
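
Added example, not part of the post above and not Jamf's or Microsoft's code: a Python check of the two payloads shown, flagging a missing key, a wrong value type (a string where `<true/>` belongs) and, for a copy read back from a managed Mac, a `$EMAIL` variable that was never substituted. The function names, the `deployed` flag and the sample plists are constructed for illustration.

```python
import plistlib

# Keys and value types as they appear in the two payloads posted above.
EXPECTED = {
    "com.microsoft.Outlook": {"DefaultEmailAddressOrDomain": str},
    "com.microsoft.Office": {"OfficeActivationEmailAddress": str,
                             "OfficeAutoSignIn": bool},
}

def check_payload(domain, raw, deployed=False):
    """Return a list of problems in one preference-domain plist (bytes).

    deployed=False: template uploaded to the MDM, where $EMAIL is expected.
    deployed=True: copy read back from a Mac, where $EMAIL must be resolved.
    """
    try:
        prefs = plistlib.loads(raw)
    except Exception as exc:  # malformed XML or not a plist at all
        return [f"{domain}: not a valid plist ({exc})"]
    if not isinstance(prefs, dict):
        return [f"{domain}: top-level object is not a dict"]
    problems = []
    for key, kind in EXPECTED[domain].items():
        if key not in prefs:
            problems.append(f"{domain}: missing {key}")
        elif not isinstance(prefs[key], kind):
            problems.append(f"{domain}: {key} should be {kind.__name__}, "
                            f"got {type(prefs[key]).__name__}")
        elif kind is str and deployed and prefs[key].startswith("$"):
            problems.append(f"{domain}: {key} is unresolved ({prefs[key]})")
    for key in sorted(prefs.keys() - EXPECTED[domain].keys()):
        problems.append(f"{domain}: unexpected key {key}")
    return problems

def _plist(body):
    """Wrap constructed key/value XML in a minimal plist document."""
    return (b'<?xml version="1.0" encoding="UTF-8"?>\n'
            b'<plist version="1.0"><dict>' + body + b'</dict></plist>')

# Constructed samples: a correct template, and a bad copy from a Mac.
TEMPLATE = _plist(b"<key>OfficeActivationEmailAddress</key><string>$EMAIL</string>"
                  b"<key>OfficeAutoSignIn</key><true/>")
BAD_COPY = _plist(b"<key>OfficeActivationEmailAddress</key><string>$EMAIL</string>"
                  b"<key>OfficeAutoSignIn</key><string>true</string>")

if __name__ == "__main__":
    for name, raw, dep in (("template", TEMPLATE, False), ("bad copy", BAD_COPY, True)):
        print(name, check_payload("com.microsoft.Office", raw, deployed=dep))
```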


As @Shyamsundar Shyamsundar said, you can prefill the email address simply enough, but the user still needs to enter their password.


 


PSSO hooks macOS's login screen to an IDP to handle authentication and generate tickets. As Jamf Connect is not an IDP, but rather another tool like PSSO that uses an IDP for authentication, passing tickets to applications from Jamf Connect is something the individual applications must support. Microsoft clearly wants you using the Comp Portal, and until they add the ability for the Comp Portal or Office to independently accept tickets from Jamf Connect, there will always be multiple authentications.

