Keep Office 365 signed in between Shared iPad

TheileAlbrecht
New Contributor II

In Jamf school, our iPads are set up as Shared iPads. 

We would love to see the students already be signed in to Teams, OneDrive,... no matter which iPad they grab. Is this possible?

Is this possible in temporary guest mode?

 

regards

6 REPLIES 6

RLR
Valued Contributor

I don't think this is possible as there is no such way of setting up an SSO between shared iPad logins with Office 365. We try get round this issue by trying to get the same students to use the same iPad each time they use them. 

PerryK
New Contributor III

Yes, this is possible broadly speaking.

This is a good video to review: https://www.youtube.com/watch?v=fYi7_VFth-o

There are a bunch of things mentioned, Jamf Setup, Jamf Reset, Microsoft Authenticator App, and Single Sign On Extensions.

Whilst some of this is considered "Public Preview", Microsoft will provide support and I believe it generally works well.  Also whilst still in public preview though you do need an "Cloud Device Administrator" role to sign in and enabled shared mode in Authenticator.

Even without that step though, I believe there are a quite a few parts of the puzzle now days to have a nice login experience with Microsoft apps even for Shared iPads.


Cheers.

 

Hallo PerryK,

danke für die Antwort. SSO ist nur für Jamf Pro machbar, denke ich.

Was ist Ihrer Meinung nach die beste Lösung für die Arbeit mit O365 auf iPads?

Geteilte Geräte oder nicht geteilte Geräte.

Mit freundlichen Grüßen

 

Hello PerryK,

thanks for the answer. SSO is only viable for Jamf Pro, I think.

What do you think is the best solution for working with O365 on iPads?

Shared devices or non shared devices.

With kind regards

 

PerryK
New Contributor III

I haven't watched it yet but I've just noticed there is another video on a similar topic just released a few days ago:

https://www.youtube.com/watch?v=SR2wRI-cMwM&list=PLlxHm_Px-Ie2uIFiar6_3JejiOnObiujM&index=84

PerryK
New Contributor III

Apologies, I missed this relates to Jamf School which I have not used. I think it is still a valid path to try exploring for at some some functionality gains.

The Microsoft docs here https://learn.microsoft.com/en-us/mem/intune/configuration/device-features-configure#single-sign-on-... say the following:

The credential type is designed for challenge-and-response authentication flows. You can choose between a Kerberos-specific credential extension provided by Apple, and a generic credential extension.

  • The Azure AD macOS SSO app extension should work with any third party or partner MDM. The extension must be deployed as a kerberos SSO extension, or deployed as a custom configuration profile with all the required properties configured.


And the Jamf School guides notes something about the Kerberos SSO extension.
https://docs.jamf.com/jamf-school/documentation/Configuring_Kerberos_Single_Sign-on.html

This might not work, but it could be worth looking into and hopefully my earlier information is still useful for this with Jamf Pro and Shared iPad devices.

Cheers.