Just wondering if any have managed to get the single sign on extension working with Google Chrome and Teams. I can get SSO working in Outlook, but not in Chrome and teams, where I need to enter both Email adress and password when opening first time.
This screenshot shows the contents of our SSO extension payload.
Here's the plist that we uploaded to the custom configuration section. The AppPrefixAllowList portion extends the auth token usage across defined apps.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>AppPrefixAllowList</key> <string>com.microsoft., com.adobe., com.google., com.apple., com.jamfsoftware.</string> <key>Enable_SSO_On_All_ManagedApps</key> <integer>1</integer> <key>browser_sso_interaction_enabled</key> <integer>1</integer> <key>disable_explicit_app_prompt</key> <integer>1</integer> </dict> </plist>
Thanks for the input.
I have tried to set the above so I have exact same policy. When I try to install a new computer with this profile and open a chrome browser or teams, it still ask for username and password
same behavior here. SSO for our MS Office® and MS user accounts is working in Safari®, but it is not working in Google Chrome®. I guess, that we have to provide Chrome® via Self Service.APP. At this time, our employees are installing their prefered browser themself right from Google® oder mozilla® .
I deployed Google® Chrome® and Mozilla® Firefox® with Jamf® to my test client in order to test SSO.
Safari® is working fine, Chrome® and Firefox® didn't. There is another discussion about this theme: klick here , but there is no solution.
In Firefox® , I activated the SSO features (about:config), but in Chrome® I wasn't able to do this.
Is there anyone, who got the funtion running?
As far, as I was able to find informations about SSO and Chrome® , there is a discussion here at Jamf® Nation®, where someone tells, that Microsoft® does not support SSO for Chrome® . We did not spent much more time to this project, but I will keep it keep it in my mind.
I can't find the doc where it was stated :
Applications that do not use Apple Networking technologies (like WKWebview and NSURLSession) will not be able to use the shared credential (PRT) from the SSO Extension.
Both Google Chrome and Mozilla Firefox fall into this category. Even if they are configured in the MDM configuration profile, the result will be a regular authentication prompt in the browser.