2 weeks ago
Hi All,
While trying to set up SSO for our Mac devices, we've discovered that this is a bit of a headache trying to work with Chrome unless the devices are enrolled in Intune (which we are not looking to do at the moment), so we are looking to switch our users over to Safari, as we have managed to get SSO up and running.
Our issue is that some basics are missing, such as the home button - if this can be pushed out through a config file rather than getting every user to manually toggle it on, this would save us a lot of hassle - and we would also like to set some general restrictions on things like blocking installing extensions, blocking changing the default search engine, etc. (as these are student devices).
If anyone could provide any pointers to configuring this it would be greatly appreciated!
Cheers!
2 weeks ago
Safari is notoriously difficult to manage. I don't think you can force show the home button for Safari; many settings that Apple views as being in the user space they simply don't let you manage.
As far as your Chrome SSO, you likely need to set up your whitelists with a configuration profile. SSO is automatic with Safari, but it's not automatic with the other browsers.
2 weeks ago
Hi,
Thanks for your response - I feared that might be the case with Safari after scrolling through some older forums.
On Chrome I've deployed the Microsoft SSO Extension through a configuration profile but it's kind of just there doing nothing. Not sure if I'm missing anything but I've not really been able to find any guidance for getting this to work on Jamf Pro, only if the devices are enrolled via Intune. When you say adding a Whitelist, I don't suppose the attached image is what you are referencing?
2 weeks ago
That's Company Portal, which you'll only use if you are using Intune and CA.
2 weeks ago - last edited 2 weeks ago
The Company Portal is what installs Microsoft's SSOe (and enables PSSO); you would use this with Jamf also.
@lewissav This is your configuration for Company Portal, which automatically enables SSO in Safari. You will need to add the auth whitelist servers to Chrome and Edge.
https://chromeenterprise.google/policies/?policy=AuthServerWhitelist
https://chromeenterprise.google/policies/?policy=AuthNegotiateDelegateAllowlist
https://chromeenterprise.google/policies/?policy=AuthServerAllowlist
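An added example, not part of the thread and not Jamf's or Google's code: a Python check to run over a Chrome custom-settings plist (preference domain `com.google.Chrome`) before uploading it, flagging the superseded `AuthServerWhitelist` key and allowlist entries that match every server. The host names and function names are constructed placeholders.

```python
import plistlib

# Constructed sample payload; host names are placeholders, not values from the thread.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AuthServerWhitelist</key>
    <string>*.example.edu</string>
    <key>AuthServerAllowlist</key>
    <string>*.example.edu,sso.example.edu</string>
    <key>AuthNegotiateDelegateAllowlist</key>
    <string>*</string>
</dict>
</plist>"""

ALLOWLIST_KEYS = ("AuthServerAllowlist", "AuthNegotiateDelegateAllowlist")
SUPERSEDED_KEYS = {"AuthServerWhitelist": "AuthServerAllowlist"}

def split_hosts(value):
    # The policies take one comma-separated string of server names.
    return [h.strip() for h in value.split(",") if h.strip()]

def audit(plist_bytes):
    """Return a list of findings for a Chrome managed-preferences plist."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for old, new in SUPERSEDED_KEYS.items():
        if old in prefs:
            findings.append(f"{old}: superseded name, use {new}")
    for key in ALLOWLIST_KEYS:
        value = prefs.get(key)
        if value is None:
            continue
        if not isinstance(value, str):
            findings.append(f"{key}: must be a single comma-separated string")
            continue
        for host in split_hosts(value):
            # "*" or "*." alone would offer integrated auth (or delegation) everywhere.
            if host.strip("*.") == "":
                findings.append(f"{key}: '{host}' matches every server")
    return findings

def build_payload(server_hosts, delegate_hosts=()):
    """Build a plist body that carries only the current policy names."""
    prefs = {"AuthServerAllowlist": ",".join(server_hosts)}
    if delegate_hosts:
        prefs["AuthNegotiateDelegateAllowlist"] = ",".join(delegate_hosts)
    return plistlib.dumps(prefs)
```

`audit(SAMPLE_PROFILE)` reports the old key name and the bare `*` delegation entry; the output of `build_payload([...])` with your identity provider's host names is the body to paste into the custom settings payload.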
2 weeks ago
Hi again,
I really appreciate this - I don't suppose you have a link to a guide or anything? This seems a bit out of my depth if I'm being honest! 😅
Thank you again.