Help

Web site visit issue

Asifahmed
New Contributor III

Posted on ‎01-05-2024 04:00 AM

Hello All,

 

In my company's workday portal, normaly Windows device doesnt ask company's user name and password if user visit the workday from company's LAN, but in case of mac device it is asking username and password every time user visit the workday portal, and it is for all browsers,(GC,Edge, Safari), what might be the cause or what is the resolution?

I already check the to turn on the autofill password feature and also pushed a confog profile to turn on SSO/bypass credential for workday URL but still no luck, any idea will be appreciated.

0 Kudos
7 REPLIES 7

mfletch
New Contributor III

Posted on ‎01-05-2024 04:06 AM

My guess is that the Windows devices are bound to the domain and your macs are not. You can try binding your mac to the domain and see if that allows you to pass through the login for Workday. I'm guessing that you can also use Jamf Connect to pass through credentials as well. 

0 Kudos

Asifahmed
New Contributor III
In response to mfletch

Posted on ‎01-05-2024 04:09 AM

I thought that but interesting thing is that those are autopilot machines, not joined in on-prem AD but registeted in Azure AD. And also if I if any device is not joined in AD or not registered in AAD but if we install VPN client then from VPN that Windows device work smoothly but macs are not.

0 Kudos

AJPinto
Honored Contributor II

Posted on ‎01-05-2024 05:58 AM

You need to set up a SSO extension. The browser has no idea who the user is, and in turn must ask manually for authentication. There are many SSO extensions from Microsoft Comp Portal, to Okta Verify which support OAUTH2. Other tools like JAMF Connect can generate Kerberos tickets, and also facilitate some SSO functionality. What you need is ultimately down to what IDP you use and what their requirements are.

 

My suggestion is to reach out to your IDP and ask them what is required for SSO to work on macOS. Once you know the tool you need, it's a matter of figuring out how to configure it which should not be a difficult task. 

Asifahmed
New Contributor III
In response to AJPinto

Posted on ‎01-05-2024 06:14 AM

BTW, we use Azure AD as IDP here, and Azure AD is integrated with my JAMF console, FYI, Jamf Connect is not deployed for all macs still, but it is under testing phase, I can do a test on my mac where Jamf connect is deployed and it is working fine, I will ask to Azure AD team for SSO extension and what needs to be done, but is it possible to do something with Jamf connect ? If yes then how? If jamf connect can help me then I will ignore about SSO extension.

0 Kudos

AJPinto
Honored Contributor II
In response to Asifahmed

Posted on ‎01-05-2024 06:26 AM

You will likely need to install the Microsoft Comp Portal app and configure its SSOe. The users dont need to sign into the Comp Portal or register with Intune, it just needs to be installed configured (configuration profile) and they need to log in to some MS tool like Outlook. From there it will pass tokens. Once MS finally adds production support for Platform SSO, with any luck it will work with a login screen auth but we are not there yet.

 

Microsoft Enterprise SSO plug-in for Apple devices - Microsoft identity platform | Microsoft Learn

0 Kudos

Asifahmed
New Contributor III
In response to AJPinto

Posted on ‎01-09-2024 08:40 AM

It is working over cloud alos, that is good, but Safari is not asking the username and password at all once it has taken the credential for once, but in case of GC and Edge one tiem it is asking and if we open another tab for a new company's site it doesnt ask, dont know this is abnormal behavior for Safari or not.

0 Kudos

tigone
New Contributor

Posted on ‎02-14-2024 10:24 PM

Have you tried to use it through some VPN?

0 Kudos