SOLVED
Home

Native apps SSO on mobile

%3CLINGO-SUB%20id%3D%22lingo-sub-393015%22%20slang%3D%22en-US%22%3ENative%20apps%20SSO%20on%20mobile%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-393015%22%20slang%3D%22en-US%22%3E%3CP%3EHowdy%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20are%20you%20implementing%20SSO%20with%20native%20apps%20on%20iOS%20and%20Android%20for%20an%20Azure%20AD%20only%20environment%3F%20VMware%20and%20others%20have%20a%20KDC%20built%20in%20to%20the%20IDP%20to%20enable%20native%20app%20SSO.%3C%2FP%3E%3CP%3EWould%20I%20need%20to%20configure%20Domain%20Services%20on%20my%20tenant%2C%20enable%20kerberos%20and%20then%20configure%20SSO%20profile%20for%20iOS%3F%3C%2FP%3E%3CP%3EWhat's%20your%20take%20on%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-393015%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzureAD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobileApp%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esingle%20sign%20on%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-401399%22%20slang%3D%22en-US%22%3ERe%3A%20Native%20apps%20SSO%20on%20mobile%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-401399%22%20slang%3D%22en-US%22%3EFound%20a%20workaround%2C%20not%20a%20smooth%20flow%20but%20at%20least%20the%20user%20doesn%E2%80%99t%20have%20to%20sign%20in%20again.%3CBR%20%2F%3E%3CBR%20%2F%3EDeploy%20MS%20Edge%20and%20have%20the%20user%20add%20their%20corporate%20credentials.%20Once%20the%20user%20opens%20Salesforce%20and%20the%20webview%20in%20safari%20opens%2C%20tap%20the%20share%20button%2C%20select%20open%20in%20edge%2C%20the%20user%20is%20now%20signed%20in%20using%20SAML%2C%20a%20pop%20up%20shows%20up%20asking%20the%20user%20to%20open%20in%20the%20Salesforce%20app%2C%20select%20ok.%20The%20user%20is%20now%20signed%20in%20without%20having%20to%20enter%20creds.%3CBR%20%2F%3E%3CBR%20%2F%3EAs%20I%20said%2C%20not%20smooth.%20I%20would%20like%20the%20see%20either%20an%20extension%20in%20safari%20or%20a%20flow%20that%3CBR%20%2F%3Eresembles%20that%20of%20other%20vendors%20to%20make%20it%20easy%20for%20the%20user.%3C%2FLINGO-BODY%3E
almennn
Contributor

Howdy,

 

How are you implementing SSO with native apps on iOS and Android for an Azure AD only environment? VMware and others have a KDC built in to the IDP to enable native app SSO.

Would I need to configure Domain Services on my tenant, enable kerberos and then configure SSO profile for iOS?

What's your take on this?

1 Reply
Solution
Found a workaround, not a smooth flow but at least the user doesn’t have to sign in again.

Deploy MS Edge and have the user add their corporate credentials. Once the user opens Salesforce and the webview in safari opens, tap the share button, select open in edge, the user is now signed in using SAML, a pop up shows up asking the user to open in the Salesforce app, select ok. The user is now signed in without having to enter creds.

As I said, not smooth. I would like the see either an extension in safari or a flow that
resembles that of other vendors to make it easy for the user.
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies