I have added all the O365 apps to the AppAllowList custom setting. Here is my custom setting PLIST that I add to the SSO Profile:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AppAllowList</key>
    <string>com.microsoft.Outlook,com.microsoft.teams,com.microsoft.OneDrive,com.microsoft.Word,com.microsoft.Excel,com.microsoft.Powerpoint,com.microsoft.onenote.mac,com.jamfsoftware.selfservice.mac</string>
    <key>browser_sso_interaction_enabled</key>
    <integer>1</integer>
    <key>disable_explicit_app_prompt</key>
    <integer>1</integer>
</dict>
</plist>
I don't think OneDrive is working yet, but it seems like all the other apps pick up on the SSO credentials.
I find it hit or miss. Some apps seem to work better than others (Teams & Jamf Self Service seem to pick up the user better than the other Microsoft apps).
It seems that when I was testing it a few months ago, it worked better. I don't know if Apple changed something or Microsoft did.
I guess that is why Microsoft still considers it to be in
Hi Vinu, I am surprised your SSO works with Office 365. For me it works only for Safari. When I launch Word, Excel or PP, it requires another authentication from me for the license.
Can you share the configuration you are using?
I am also testing the Company Portal SSO-E. It's working with Safari and Office O365 apps.
My Azure is in Hybrid but it does not matter. SSO works with Company Portal authentication. I enroll the Mac with a test user different from the Azure one, then I authenticate in Company Portal, which generates a token for SSO that in my case works, but only with Safari and web apps. Desktop Office apps require another authentication to assign the license. I need to solve this part.
Are you using Hybrid or pure Azure?
We are experiencing the same issue as the original poster.
Does anyone have any tips? What we are seeing is that it works with Safari and MS Teams only, but not Office apps: Outlook, Excel, OneDrive, etc.
@vinu.thankachan Could you tell us or share some more info on how you fixed it and got that working, please?
1) How are you all installing Office?
2) Are you using the App Store, or are you installing via .pkg?
3) Do you think it matters? But Teams is installed for us through the Office .pkg; if it was a .pkg issue, then it shouldn't work for any of the apps.
What are your thoughts?
I think it doesn't matter. The app installation can take place via .pkg or the App Store but activation takes place via the web, so the user must be authenticated on the O365 portal to do so.
The question is, can you pass SSO in any way? According to my test no, and the MS documentation seems to copy it. So I'm surprised someone can do it and I can't figure out how.
@ali.fadavinia I have seen slight differences in the past between deploying through PKG and App Store push. So to validate, I did a test with Word deployed from the App Store and it's the same result as PKG: no matter the installation type, the app prompts to authenticate and doesn't transit through SSOEx like Teams does.
@vinu.thankachan Can you confirm it works (or not) for you if the Keychain and cookies are cleared? Thanks.
Did anyone ever figure this out? We are getting the same experience. SSO extension is configured and works with Microsoft websites, but the individual Office apps do not pick up the credentials, hence forcing us to sign into the apps manually. Teams is the only app that is close (it shows us the account selection, same as the screenshot above from @vinu.thankachan).
I've started playing with this Microsoft SSO as well. I'm looking to get the Adobe Creative Cloud app to recognize it too.
My overall goal would be that when our students or faculty log in to a machine for the first time, they set up the managed Apple ID for iCloud that we have using federated accounts, which is the first thing that prompts for a Microsoft login. I'm hoping to utilize that login to provide all the credentials for the rest of the apps. So during the initial Setup Assistant, having it use this Microsoft SSO piece to have one login to rule them all!
I'm trying to get the bundle ID of the Setup Assistant and I guess what the URL is that Apple is using for the login for federated Apple ID with Microsoft. I did notice that the Microsoft apps all register though. I'm using the installer from macadmins.software and using some forced settings with a config profile for our Microsoft apps though. I'm hoping that if I can trigger the SSO window during that iCloud setup, we would not need to use any other logins after that.
So I got this to work using com.apple.SetupAssistant in the plist and then the iCloud login allowed me to use the SSO plug-in. It's not quite right though, because underneath the SSO initial login is the normal federated login, so it's making us type it twice. After that though, when I went into the machine, Safari was already logged in and Zoom was already logged in; however, Word still asked for a login name/email and didn't show the drop-down list. Once I typed the email address in though, it didn't prompt for a password, it just had the drop-down list with the account already there.
Also I'm trying to get Adobe Creative Cloud to use this, but I think their app isn't built correctly, since I can see the Microsoft SSO plug-in version pop up for a split second before it triggers the normal federated login.
The attached plist is working for SSO with Word, PPT, Excel, Outlook, Safari, Teams, and Zscaler, but it's not working for Chrome, Firefox, and Edge when I sign in to the Company Portal app.
Can anyone suggest how to achieve SSO for Chrome, Firefox, and Edge?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AppAllowList</key>
    <string>com.microsoft.Outlook,com.microsoft.teams,com.microsoft.OneDrive,com.microsoft.Word,com.microsoft.Excel,com.microsoft.Powerpoint,com.microsoft.onenote.mac,com.zscaler.Zscaler,</string>
    <key>browser_sso_interaction_enabled</key>
    <integer>1</integer>
    <key>disable_explicit_app_prompt</key>
    <integer>1</integer>
</dict>
</plist>
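Added example, not part of any post in this thread: a small Python linter for the custom-settings plists shared above, useful for ruling out typing mistakes before blaming the plug-in. The function name `lint_sso_plist`, the bundle-ID pattern and the choice of what to flag (stray commas, whitespace, duplicates, flags not typed as integer 0/1) are this example's assumptions; whether the plug-in tolerates any of these is not stated on this page.

```python
import plistlib
import re

# Constructed sample: the keys used in this thread, a shortened allow list,
# plus a space, a duplicate, a trailing comma and a wrongly typed flag.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>AppAllowList</key>
    <string>com.microsoft.Word,com.microsoft.Excel, com.microsoft.Word,com.zscaler.Zscaler,</string>
    <key>browser_sso_interaction_enabled</key>
    <integer>1</integer>
    <key>disable_explicit_app_prompt</key>
    <string>1</string>
</dict>
</plist>
"""

BUNDLE_ID = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
INT_FLAGS = ("browser_sso_interaction_enabled", "disable_explicit_app_prompt")

def lint_sso_plist(data: bytes) -> list[str]:
    """Return findings for an SSO extension custom-settings plist."""
    settings = plistlib.loads(data)
    findings = []
    allow = settings.get("AppAllowList")
    if not isinstance(allow, str):
        findings.append("AppAllowList: missing or not a <string>")
        allow = ""
    seen = set()
    for pos, raw in enumerate(allow.split(",") if allow else [], start=1):
        entry = raw.strip()
        if not entry:
            findings.append(f"AppAllowList entry {pos}: empty (stray comma)")
            continue
        if raw != entry:
            findings.append(f"AppAllowList entry {pos}: whitespace around {entry!r}")
        if not BUNDLE_ID.match(entry):
            findings.append(f"AppAllowList entry {pos}: {entry!r} is not a bundle ID")
        if entry in seen:
            findings.append(f"AppAllowList entry {pos}: duplicate {entry!r}")
        seen.add(entry)
    for key in INT_FLAGS:
        value = settings.get(key)
        # type() check also rejects <true/>/<false/>, which plistlib loads as bool
        if type(value) is not int or value not in (0, 1):
            findings.append(f"{key}: expected <integer> 0 or 1, got {value!r}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_sso_plist(SAMPLE)))
```
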
I'm having issues with SSO and Safari.
When trying to access myapplications.azure.us it just will not redirect to login.microsoftonline.us and just sits on a white page.
If I go directly to login.microsoftonline.us in Safari then the SSO appears to work and login without issue.
I also tested with the plist above to no avail.
Test system is macOS 11.6.
Anyone else experience similar issues?
We have also been unable to get any version of the plist working for the SSO on the apps themselves. We had opened a ticket with Microsoft about this and they mentioned that there is a known bug with Azure tokens and the Mac office apps, but the details were a little hazy. They claimed a fix was on the way in October, but I don't have the fullest confidence.
The only place SSO is working for us is on the Microsoft websites.