Forum Discussion

PatrickF11's avatar
PatrickF11
MCT
May 24, 2024

Platform SSO for macOS not working

(Update after long troubleshooting: the two main issues until now were: Leading and/or trailing spaces in the configs > They lead to visible and unvisible errors! When using in europe you need to re...
Intune
macos
mobile device management (mdm)
Platform SSO
PSSO
PatrickF11's avatar
PatrickF11
MCT
Jun 27, 2024

After a few weeks of i'm back testing platform sso.

This is the current status:

  1. It is not working, even if the profile gets assigned successfully after removing some URLs. (Not working means, nothing pops up for the user to click through the final steps to activate PSSO.
  2. I've already worked through the mentioned article from intuneirl.
  3. The main issues are
    1. Company Portal is installed on the client but with installation failures in intune: 
      1. "One or more apps contain invalid bundleIDs. (0x87D13BA2)"
      2. The installation itself was done just as MS described or the intuneirl blog described. (Download package, new LOB App, upload, ...)
    2. When manually opening the company portal app on the mac device it says "This is device is not registered" (I'm not sure if this really a problem or if it's just a consequence of the previous problem.)

Result:

The whole deployment works just fine instead of plattform SSO is not popping up like mentioned e.g. in this screenshot:

And therefore nothing is registered inside the user account. When looking here the red area isn't there: (Screenshot from IntuneStuff Blog)

 

 

Any further ideas are highly appreaciated. I'm a little bit desperate already ๐Ÿ˜ž

Mandi Ohlinger: Some information from your side?

 

Thanks everyone in advance

Patrick ๐Ÿ™‚

Intunestuff's avatar
Intunestuff
Brass Contributor
Jul 10, 2024

PatrickF11 , that screenshot isnโ€™t from intuneIRL but from my site https://intunestuff.com. Iโ€™ve already made an update of the guide.

  • Intunestuff's avatar
    Intunestuff
    Brass Contributor
    Jul 11, 2024

    PatrickF11 Thank you. Does it work now? Always willing to take a look at your config. 

  • PatrickF11's avatar
    PatrickF11
    MCT
    Jul 11, 2024

    Intunestuff Oh sorry, i've immediately corrected this in my posting. I am surprised how I got this mixed up... Thank you for clarifying

     

    RussMeyer-Epik 
    Thanks, but the apple business manager is only responsible for synchronizing the devices to intune. The deployment itself is via Intune of course.
    Maybe there are other ways i didn't know, yet?
    Are you sure the "Token to User mapping" is necessary in this scenario? Do you have any documentation regardings this in context using ABM?

     

    drumroll..... It works...

    And the mistake was.... it was me... -.-

    Although I said that I would check everything twice, I had a... blank space.... (right before the Extension Identifier value)

    The pop-up appears immediately after this was fixed.

     

    For the sake of troubleshooting i did not added the "token to user mapping", so i can clearly see what would have been the issue. Currently i'm testing the secure enclave mode and if it is working how it should work. I'm going to reply again when this is tested ๐Ÿ™‚

    (I've added a hint in the initial posting regarding the leading / trailing spaces in the configs and the URLs to be removed)

Resources