SOLVED

Native apps SSO on mobile


Howdy,

How are you implementing SSO with native apps on iOS and Android for an Azure AD only environment? VMware and others have a KDC built in to the IDP to enable native app SSO.

Would I need to configure Domain Services on my tenant, enable Kerberos and then configure an SSO profile for iOS?

What's your take on this?

1 Reply
Best Response confirmed by almennn (Contributor)
Solution
Found a workaround, not a smooth flow but at least the user doesn’t have to sign in again.

Deploy MS Edge and have the user add their corporate credentials. Once the user opens Salesforce and the webview in Safari opens, tap the share button and select open in Edge. The user is now signed in using SAML. A pop-up shows up asking the user to open in the Salesforce app; select OK. The user is now signed in without having to enter creds.

As I said, not smooth. I would like to see either an extension in Safari or a flow that resembles that of other vendors to make it easy for the user.