Configure Safari

lewissav
New Contributor II

Hi All,

While trying to setup SSO for our mac devices, we've discovered that this is a bit of a headache trying to work with Chrome unless the devices are enrolled in Intune (which we are not looking to do at the moment), so we are looking to switch our users over to Safari, as we have managed to get SSO up and running.

 

Our issue is that some basics are missing, such as the home button - if this can be pushed out through a config file rather than getting every user to manually toggle it on this would save us a lot of hassle - and we would also like to set some general restrictions on things like; blocking installing extensions, block changing the default search engine etc (as these are student devices).

If anyone could provide any pointers to configuring this it would be greatly appreciated!

 

Cheers!

 

7 REPLIES 7

AJPinto
Honored Contributor III

Safari is notoriously difficult to manage. I dont think you can force show the home button for Safari, many settings that Apple views are in the user space they simply dont let you manage.

 

As far as your Chrome SSO, you likely need to setup your whitelists with a configuration profile. SSO is automatic with Safari, but its not automatic with the other browsers. 

 

https://github.com/Jamf-Custom-Profile-Schemas/ProfileManifestsMirror/blob/main/manifests/ManagedPre...

lewissav
New Contributor II

Hi,

Thanks for your response - I feared that might be the case with Safari after scrolling through some older forums.

On Chrome I've deployed the Microsoft SSO Extension through a configuration profile but it's kind of just there doing nothing. Not sure if I'm missing anything but I've not really been able to find any guidance for getting this to work on Jamf Pro, only if the devices are enrolled via Intune. When you say adding a Whitelist, I don't suppose the attached image is what you are referencing?Screenshot (20).png

jamf-42
Valued Contributor II

thats company portal, which you'll only use if you are using Intune and CA.

AJPinto
Honored Contributor III

The company portal is what installs Microsoft's SSOe (and enables PSSO ), you would use this with Jamf also

@lewissav This is your configuration for Company Portal, which automatically enables SSO in Safari. You will need to add the auth whitelist servers to Chrome and Edge. 

https://chromeenterprise.google/policies/?policy=AuthServerWhitelist 

https://chromeenterprise.google/policies/?policy=AuthNegotiateDelegateAllowlist 

https://chromeenterprise.google/policies/?policy=AuthServerAllowlist 

 

AJPinto_0-1718031664126.png

 

lewissav
New Contributor II

Hi again,

I really appreciate this - I don't suppose you have a link to a guide or anything? This seems a bit out of my depth if I'm being honest! 😅

Thank you again.

lewissav
New Contributor II

Hi again,

 

Still had no joy with this, if you have any pointers I'd really appreciate it!

 

Thank you.

DavidN
Contributor

Lewissav. If you don't have Company portal installed SSO will not work. Company portal does not need to be signed into or anything, it just needs to be installed to pass SSO credentials from OS to microsoft apps, Adobe apps, Safari, etc.