I had been having similar problems and went looking through Microsoft's documentation. I noticed that the recommended profile settings here - Use the Microsoft Enterprise SSO plug-in on iOS/iPadOS devices - had at one point been updated. When I built the profile for SSO it indicated using explicit bundle ID's but this doc indicates using partial strings, which seems to resolve as a wild card. Creating a clone SSO config profile and changing the contents of the plist to wild cards seem to have done the trick for me and SSO. Looking to do additional testing, but give it a try on your end.
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
<key>AppPrefixAllowList</key>
<string>com.microsoft.,com.apple.,com.jamf.,com.jamfsoftware.</string>
<key>browser_sso_interaction_enabled</key>
<integer>1</integer>
<key>disable_explicit_app_prompt</key>
<integer>1</integer>
</dict>
</plist>
We're a Zscaler shop and SSO broke in Zscaler when Sonoma came out, but changing it to just com.zscaler. seems to have fixed that for me as well.
com.zscaler.
I had been having similar problems and went looking through Microsoft's documentation. I noticed that the recommended profile settings here - Use the Microsoft Enterprise SSO plug-in on iOS/iPadOS devices - had at one point been updated. When I built the profile for SSO it indicated using explicit bundle ID's but this doc indicates using partial strings, which seems to resolve as a wild card. Creating a clone SSO config profile and changing the contents of the plist to wild cards seem to have done the trick for me and SSO. Looking to do additional testing, but give it a try on your end.
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
<key>AppPrefixAllowList</key>
<string>com.microsoft.,com.apple.,com.jamf.,com.jamfsoftware.</string>
<key>browser_sso_interaction_enabled</key>
<integer>1</integer>
<key>disable_explicit_app_prompt</key>
<integer>1</integer>
</dict>
</plist>
We're a Zscaler shop and SSO broke in Zscaler when Sonoma came out, but changing it to just com.zscaler. seems to have fixed that for me as well.
com.zscaler.
My PLIST looks exactly like this. But still, no SSO possible. I did some more testing and it is completely traceable to 14.1. With 14.0 it works like a charm and after the update to 14.1 it doesn't. Company Portal is the most recent version.
My PLIST looks exactly like this. But still, no SSO possible. I did some more testing and it is completely traceable to 14.1. With 14.0 it works like a charm and after the update to 14.1 it doesn't. Company Portal is the most recent version.
Please see under AppAllowList ... Zscaler did change the Identifier Name... example of mine below
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
<key>AppPrefixAllowList</key>
<string>com.zscaler.</string>
<key>AppAllowList</key>
<string>com.zscaler.Zscaler,com.zscaler.zscaler</string>
<key>browser_sso_interaction_enabled</key>
<integer>1</integer>
<key>Enable_SSO_On_All_ManagedApps</key>
<integer>1</integer>
<key>disable_explicit_app_prompt</key>
<integer>1</integer>
</dict>
</plist>