Single sign on Extension - Chrome and Teams?

Captainamerica
Contributor II

Just wondering if any have managed to get the single sign on extension working with Google Chrome and Teams.  I can get SSO working in Outlook, but not in Chrome and teams, where I need to enter both Email adress and password when opening first time. 

10 REPLIES 10

Captainamerica
Contributor II

Sorry - maybe mentioned this wrong. It is the single sign-on plugin - think that is the right wording

merps
Contributor III

This screenshot shows the contents of our SSO extension payload.

Screen Shot 2022-02-25 at 10.14.53 AM.png

Here's the plist that we uploaded to the custom configuration section. The AppPrefixAllowList portion extends the auth token usage across defined apps.

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppPrefixAllowList</key>
	<string>com.microsoft., com.adobe., com.google., com.apple., com.jamfsoftware.</string>
	<key>Enable_SSO_On_All_ManagedApps</key>
	<integer>1</integer>
	<key>browser_sso_interaction_enabled</key>
	<integer>1</integer>
	<key>disable_explicit_app_prompt</key>
	<integer>1</integer>
</dict>
</plist>

Captainamerica
Contributor II

Thanks for the input.
I have tried to set the above so I have exact same policy. When I try to install a new computer with this profile and open a chrome browser or teams, it still ask for username and password 

Are you signed into Company Portal? Also, what OS version are you using?

Captainamerica
Contributor II

As far I can read company portal must be installed, but as such there is no requirement that there must be signed into company portal. 

Anonymous
Not applicable

same behavior here. SSO for our MS Office® and MS user accounts is working in Safari®, but it is not working in Google Chrome®. I guess, that we have to provide Chrome® via Self Service.APP.  At this time, our employees are installing their prefered browser themself right from Google®  oder mozilla® .

Anonymous
Not applicable

Update:

I deployed Google® Chrome® and Mozilla® Firefox® with Jamf® to my test client in order to test SSO.

Safari® is working fine, Chrome® and Firefox® didn't. There is another discussion about this theme: klick here , but there is no solution.

In Firefox® , I activated the SSO features (about:config), but in Chrome® I wasn't able to do this.

Is there anyone, who got the funtion running?

 

Same question. If anyone knows of a solution for Chrome or FF please advise.

Anonymous
Not applicable

Update again:
As far, as I was able to find informations about SSO and Chrome® , there is a discussion here at Jamf® Nation®, where someone tells, that Microsoft® does not support SSO for Chrome® . We did not spent much more time to this project, but I will keep it keep it in my mind.

jpoirson
New Contributor III

Hello,

I can't find the doc where it was stated :

 

Applications that do not use Apple Networking technologies (like WKWebview and NSURLSession) will not be able to use the shared credential (PRT) from the SSO Extension.

Both Google Chrome and Mozilla Firefox fall into this category. Even if they are configured in the MDM configuration profile, the result will be a regular authentication prompt in the browser.