Jamf Nation Community

Captainamerica · ‎02-23-2022

Just wondering if any have managed to get the single sign on extension working with Google Chrome and Teams. I can get SSO working in Outlook, but not in Chrome and teams, where I need to enter both Email adress and password when opening first time.

Captainamerica · ‎02-25-2022

Sorry - maybe mentioned this wrong. It is the single sign-on plugin - think that is the right wording

merps · ‎02-25-2022

This screenshot shows the contents of our SSO extension payload.

Here's the plist that we uploaded to the custom configuration section. The AppPrefixAllowList portion extends the auth token usage across defined apps.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>AppPrefixAllowList</key>
	<string>com.microsoft., com.adobe., com.google., com.apple., com.jamfsoftware.</string>
	<key>Enable_SSO_On_All_ManagedApps</key>
	<integer>1</integer>
	<key>browser_sso_interaction_enabled</key>
	<integer>1</integer>
	<key>disable_explicit_app_prompt</key>
	<integer>1</integer>
</dict>
</plist>

Captainamerica · ‎02-28-2022

Thanks for the input.
I have tried to set the above so I have exact same policy. When I try to install a new computer with this profile and open a chrome browser or teams, it still ask for username and password

merps · ‎02-28-2022

Are you signed into Company Portal? Also, what OS version are you using?

Captainamerica · ‎03-13-2022

As far I can read company portal must be installed, but as such there is no requirement that there must be signed into company portal.

Anonymous · ‎05-02-2022

same behavior here. SSO for our MS Office® and MS user accounts is working in Safari®, but it is not working in Google Chrome®. I guess, that we have to provide Chrome® via Self Service.APP. At this time, our employees are installing their prefered browser themself right from Google® oder mozilla® .

Anonymous · ‎05-09-2022

Update:

I deployed Google® Chrome® and Mozilla® Firefox® with Jamf® to my test client in order to test SSO.

Safari® is working fine, Chrome® and Firefox® didn't. There is another discussion about this theme: klick here , but there is no solution.

In Firefox® , I activated the SSO features (about:config), but in Chrome® I wasn't able to do this.

Is there anyone, who got the funtion running?

DavidN · ‎05-18-2022

Same question. If anyone knows of a solution for Chrome or FF please advise.

Anonymous · ‎08-09-2022

Update again:
As far, as I was able to find informations about SSO and Chrome® , there is a discussion here at Jamf® Nation®, where someone tells, that Microsoft® does not support SSO for Chrome® . We did not spent much more time to this project, but I will keep it keep it in my mind.

jpoirson · ‎11-08-2023

Hello,

I can't find the doc where it was stated :

Applications that do not use Apple Networking technologies (like WKWebview and NSURLSession) will not be able to use the shared credential (PRT) from the SSO Extension.

Both Google Chrome and Mozilla Firefox fall into this category. Even if they are configured in the MDM configuration profile, the result will be a regular authentication prompt in the browser.

Jamf Nation Community

Single sign on Extension - Chrome and Teams?