Help

MO688912 - Jamf Reset SSO iOS 17 not signing out

SteveS
New Contributor III

Posted on ‎11-16-2023 07:59 AM

"We've detected a recent WebKit update which may impact Enterprise Single Sign On (SSO) for Microsoft 365 services" - Microsoft

I think we are running into an issue related to this and wondering if others are as well. We have iphones setup as shared devices using jamf setup and jamf reset. We do a soft reset between users since you still have to register the device between full resets (unless someone has a way to skip that requirement)

 

When a user resets it is keeping the prior login active on Epic rover. Before it was clearing the token, but we are seeing sessions remaining I think on iOS 17 devices.

7 REPLIES 7

mikegetchell
New Contributor III

Posted on ‎12-15-2023 12:41 PM

We are getting to integrate single sign-on with epic Rover. Sounds like you have the same set up in mind that we intend to use. About to engage with epic, any additional tips?

0 Kudos

SteveS
New Contributor III
In response to mikegetchell

Posted on ‎02-22-2024 08:17 AM

There is a property you need to set in the epic application to tie the sam account name to the user record for epic. This was a challenge for as I think the number of people that understood it at the time was low and the directions were non-existant.  

0 Kudos

Nate-Nielsen
New Contributor II

Posted on ‎02-20-2024 02:31 PM

Same as @mikegetchell, we are actively testing this solution in our environment (Jamf Setup + Reset Single Login w/ Epic Rover and Haiku) but haven't had any feedback regarding stuck sessions just yet. Will keep my eye out and respond here if I can identify anything.

mikegetchell
New Contributor III

Posted on ‎02-20-2024 02:54 PM

I think we are even looking at Return to Service as a better option than Jamf Reset (soft reset) at this moment.

 

0 Kudos

Nate-Nielsen
New Contributor II
In response to mikegetchell

Posted on ‎02-20-2024 04:06 PM

@mikegetchell - I'll have to look into that as a potential alternative. We already have some apps that we won't (or can't) set up SSO with so I have to have those apps uninstall and then reinstall from reset to setup. Not sure if I like that option best or not.

0 Kudos

SteveS
New Contributor III
In response to mikegetchell

Posted on ‎02-22-2024 08:15 AM

So one challenge is that we are using entra for authentication and that requires the device be registered in entra. This requires a user with cloud device administrator rights to log onto the device microsoft authenticator to register. This is not as of yet automated for MDM's other than intune as last I knew. So a full device wipe will break that process for now.

0 Kudos

mikegetchell
New Contributor III
In response to SteveS

Posted on ‎02-22-2024 08:37 AM

The cloud device admin is no longer a requirement, I thought.  We just put Authenticator into Shared Device Mode in the Jamf deployment of Authenticator.  
<dict>
<key>sharedDeviceMode</key>
<true/>
</dict>

 

We use Setup for role selection in Azure for the initial login. We are still working with out other teams to establish how we are setting up the Epic side for the integration.

0 Kudos