Forum Discussion
Custom App requests authentication on Teams Mobile (iOS)
Erik365Online -Thank you for sharing the Teams App manifest. It looks well-structured, but the issue with SSO on iOS might be due to how the Entra ID app proxy handles authentication on different platforms.
The Entra ID app proxy settings are correctly configured for iOS devices. Sometimes, specific settings or policies might need to be adjusted to ensure seamless SSO on iOS. Ensure that the Entra ID app proxy is set up to pre-authenticate users before granting access to the application. This involves configuring the app proxy to use Azure AD for authentication. Review and configure conditional access policies to ensure they are not causing issues on iOS. Conditional access policies might treat iOS devices differently, leading to repeated authentication prompt.
Reference Document-
1. Plan a Microsoft Entra application proxy Deployment - Microsoft Entra ID | Microsoft Learn
2. Publish on-premises apps with Microsoft Entra application proxy - Microsoft Entra ID | Microsoft Learn
3.Translate links and URLs for Microsoft Entra application proxy. - Microsoft Entra ID | Microsoft Learn
MicrosoftErik365Online- Thanks for reporting your issue.
Could you please share some code snippets/repro steps so that we can investigate from our end.
Hi Sayali-MSFT,
sure, the Teams App manifest.
{
"$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.17/MicrosoftTeams.schema.json",
"version": "1.0.2",
"manifestVersion": "1.17",
"id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
"name": {
"short": "EWA",
"full": "EWA - Eriks Web App"
},
"developer": {
"name": "Erik Kleefeldt",
"mpnId": "",
"websiteUrl": "https://somelegacywebappnamereplacedhere.msappproxy.net/",
"privacyUrl": "https://www.contoso.com/about/",
"termsOfUseUrl": "https://www.contoso.com/about/"
},
"description": {
"short": "EWA is designed to demo a web-based app showing up as a Teams integrated app",
"full": "Eriks Web App - EWA - Is designed to demo a web-based app showing up as a Teams integrated app"
},
"icons": {
"outline": "outline.png",
"color": "color.png"
},
"accentColor": "#FFFFFF",
"staticTabs": [
{
"entityId": "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY",
"name": "Web",
"contentUrl": "https://somelegacywebappnamereplacedhere.msappproxy.net/",
"websiteUrl": "https://somelegacywebappnamereplacedhere.msappproxy.net/",
"scopes": [
"personal"
],
"context": [
"personalTab"
]
},
{
"entityId": "about",
"scopes": [
"personal"
]
}
],
"validDomains": [
"somelegacywebappnamereplacedhere.msappproxy.net",
"*.msappproxy.net",
"*.contoso.com"
],
"webApplicationInfo": {
"id": "ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ",
"resource": "https://somelegacywebappnamereplacedhere.msappproxy.net/user_impersonation/"
},
"configurableProperties": [
"name",
"smallImageUrl",
"largeImageUrl",
"accentColor"
]
}
The legacy web app behind is a HTML website secured behind a Entra ID app proxy (...msappproxy.net).
The HTML website itself does not require any authentication only the Entra ID app proxy seems to require pre-authentication. But this pre-authentication within Teams on iOS is not passed through.
Best Regards
Erik
- Sayali-MSFT
Erik365Online -Thank you for sharing the Teams App manifest. It looks well-structured, but the issue with SSO on iOS might be due to how the Entra ID app proxy handles authentication on different platforms.
The Entra ID app proxy settings are correctly configured for iOS devices. Sometimes, specific settings or policies might need to be adjusted to ensure seamless SSO on iOS. Ensure that the Entra ID app proxy is set up to pre-authenticate users before granting access to the application. This involves configuring the app proxy to use Azure AD for authentication. Review and configure conditional access policies to ensure they are not causing issues on iOS. Conditional access policies might treat iOS devices differently, leading to repeated authentication prompt.
Reference Document-
1. Plan a Microsoft Entra application proxy Deployment - Microsoft Entra ID | Microsoft Learn
2. Publish on-premises apps with Microsoft Entra application proxy - Microsoft Entra ID | Microsoft Learn
3.Translate links and URLs for Microsoft Entra application proxy. - Microsoft Entra ID | Microsoft Learn