[FEATURE REQUEST] Platform SSO via Jamf Connect

TwoCentsforFree
New Contributor

I set up Platform SSO (enclave) and it works... okay. Outlook and OneDrive both still require me to enter the email address to begin. It's better than nothing, but deeper integration to capture username prompts would be great. And it would be ideal if we didn't need Company Portal to broker this login. Jamf Connect is already connected to Entra, so it would be great if it could broker Platform SSO and autofill usernames in apps with the app prefixes defined in the profile.

2 REPLIES

Shyamsundar
Contributor

You can do that by deploying a configuration profile with a custom plist payload.

Refer to the link below.

com.microsoft.Outlook
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DefaultEmailAddressOrDomain</key>
    <string>$EMAIL</string>
</dict>
</plist>


com.microsoft.Office
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>OfficeActivationEmailAddress</key>
    <string>$EMAIL</string>
    <key>OfficeAutoSignIn</key>
    <true/>
</dict>
</plist>

https://www.jamf.com/blog/help-users-activate-microsoft-office-365-and-configure-outlook-in-one-clic...

AJPinto
Honored Contributor III

As @Shyamsundar said, you can prefill the email address simply enough, but the user still needs to enter their password.

PSSO hooks macOS's login screen to an IDP to handle authentication and generate tickets. As Jamf Connect is not an IDP, but rather another tool like PSSO that uses an IDP for authentication, passing tickets to applications from Jamf Connect is something the individual applications must support. Microsoft clearly wants you using the Comp Portal, and until they add the ability for the Comp Portal or Office to independently accept tickets from Jamf Connect, there will always be multiple authentications.