Posted on 06-10-2024 05:46 AM
Hi All,
While trying to set up SSO for our Mac devices, we've discovered that this is a bit of a headache trying to work with Chrome unless the devices are enrolled in Intune (which we are not looking to do at the moment), so we are looking to switch our users over to Safari, as we have managed to get SSO up and running.
Our issue is that some basics are missing, such as the home button - if this can be pushed out through a config file rather than getting every user to manually toggle it on, this would save us a lot of hassle - and we would also like to set some general restrictions on things like blocking installing extensions, blocking changing the default search engine, etc. (as these are student devices).
If anyone could provide any pointers to configuring this it would be greatly appreciated!
Cheers!
Posted on 06-10-2024 06:43 AM
Safari is notoriously difficult to manage. I don't think you can force show the home button for Safari; many settings that Apple views as being in the user space they simply don't let you manage.
As far as your Chrome SSO, you likely need to set up your whitelists with a configuration profile. SSO is automatic with Safari, but it's not automatic with the other browsers.
Posted on 06-10-2024 06:56 AM
Hi,
Thanks for your response - I feared that might be the case with Safari after scrolling through some older forums.
On Chrome I've deployed the Microsoft SSO Extension through a configuration profile but it's kind of just there doing nothing. Not sure if I'm missing anything but I've not really been able to find any guidance for getting this to work on Jamf Pro, only if the devices are enrolled via Intune. When you say adding a Whitelist, I don't suppose the attached image is what you are referencing?
Posted on 06-10-2024 06:59 AM
That's Company Portal, which you'll only use if you are using Intune and CA.
06-10-2024 08:01 AM - edited 06-10-2024 08:02 AM
The Company Portal is what installs Microsoft's SSOe (and enables PSSO); you would use this with Jamf also.
@lewissav This is your configuration for Company Portal, which automatically enables SSO in Safari. You will need to add the auth whitelist servers to Chrome and Edge.
https://chromeenterprise.google/policies/?policy=AuthServerWhitelist
https://chromeenterprise.google/policies/?policy=AuthNegotiateDelegateAllowlist
https://chromeenterprise.google/policies/?policy=AuthServerAllowlist
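As an added example (not part of any post in this thread, and not Jamf's or Google's code), this Python sketch builds a managed-preferences plist for the `com.google.Chrome` domain using the `AuthServerAllowlist` and `AuthNegotiateDelegateAllowlist` policies linked above, and refuses patterns that would allow integrated authentication to every server. The host names are constructed placeholders and the lint rules are conservative assumptions; replace the hosts with your identity provider's actual sign-in hosts.

```python
import plistlib

# Preference domain Chrome reads managed policies from on macOS.
CHROME_DOMAIN = "com.google.Chrome"

# Constructed placeholder hosts, not real sign-in endpoints.
SAMPLE_AUTH_SERVERS = ["login.example.com", "*.sso.example.com"]


def lint_patterns(patterns):
    """Return a list of problems with the host patterns (empty list = OK)."""
    problems = []
    for p in patterns:
        if not p or p != p.strip():
            problems.append(f"{p!r}: empty or padded with whitespace")
        elif "," in p:
            problems.append(f"{p!r}: contains a comma; pass one host per item")
        elif "/" in p:
            # Conservative assumption: accept host patterns only.
            problems.append(f"{p!r}: host pattern only, no scheme or path")
        elif p.strip("*.") == "":
            # A bare wildcard lets any server trigger integrated auth.
            problems.append(f"{p!r}: matches every server")
    return problems


def build_chrome_auth_plist(auth_servers, delegate_servers=()):
    """Return XML plist bytes for the Chrome auth allowlist policies."""
    problems = lint_patterns(list(auth_servers) + list(delegate_servers))
    if problems:
        raise ValueError("; ".join(problems))
    # Both policies are single comma-separated strings.
    prefs = {"AuthServerAllowlist": ",".join(auth_servers)}
    if delegate_servers:
        prefs["AuthNegotiateDelegateAllowlist"] = ",".join(delegate_servers)
    return plistlib.dumps(prefs, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    # Writes <domain>.plist for upload as a custom settings payload.
    with open(f"{CHROME_DOMAIN}.plist", "wb") as fh:
        fh.write(build_chrome_auth_plist(SAMPLE_AUTH_SERVERS))
```

After the profile is deployed, `chrome://policy` on a test Mac shows whether Chrome picked up the values.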
Posted on 06-11-2024 12:44 AM
Hi again,
I really appreciate this - I don't suppose you have a link to a guide or anything? This seems a bit out of my depth if I'm being honest! 😅
Thank you again.
Posted on 07-10-2024 04:46 AM
Hi again,
Still had no joy with this, if you have any pointers I'd really appreciate it!
Thank you.
Posted on 06-27-2024 08:33 AM
Lewissav, if you don't have Company Portal installed, SSO will not work. Company Portal does not need to be signed into or anything, it just needs to be installed to pass SSO credentials from the OS to Microsoft apps, Adobe apps, Safari, etc.