Can a cross-app SSO using ADAL be attempted using the Microsoft Intune Company Portal credentials provided when a device was enrolled?
The idea is to publish an app using this portal and fetch some data from the Graph endpoints without having to re-authorize the user, as the app was deployed on an MDM-managed device...
Thanks in advance.
Related
I have integrated the Intune SDK in my iOS application. When a user shares a file from Outlook (Intune configured) to my app, my app shows the Microsoft login screen to the end user.
What happens after the Microsoft login, internally with Intune?
How does the Intune SDK use the token generated in my application for the MS login?
Is the generated token only for my application, or does the Intune SDK share it internally with other applications (Outlook, Company Portal, other developers' Intune-integrated apps, etc.) too?
Can we achieve the following: if any user logs into an iOS app through MSAL in Azure and is authenticated, and I then open a web app in Safari on the device, it should automatically sign in, and vice versa, if SSO is done on the web app, the iOS app should be logged in?
Yes, we can achieve SSO between the iOS app and the web app using Azure, using silent SSO between multiple apps.
This type of SSO works between multiple apps distributed by the same Apple Developer. It provides silent SSO (that is, the user isn't prompted for credentials) by reading refresh tokens written by other apps from the keychain, and exchanging them for access tokens silently.
Microsoft provides apps, called brokers, that enable SSO between applications from different vendors as long as the mobile device is registered with Azure Active Directory (AAD). This type of SSO requires a broker application be installed on the user's device.
SSO between MSAL and Safari
Silent SSO between multiple apps needs the following points to be ensured.
Ensure that all your applications use the same Client ID or Application ID.
Ensure that all of your applications share the same signing certificate from Apple so that you can share keychains.
Request the same keychain entitlement for each of your applications.
Tell the MSAL SDKs about the shared keychain you want us to use if it's different from the default one.
Here is detailed information about SSO for iOS and macOS.
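The four points above, carried through in code. This is an added example, not code from the answer or from Microsoft's MSAL samples; it assumes MSAL for iOS (the MSAL Swift package) and uses a placeholder client ID, redirect URI and keychain group name (`com.contoso.sso`). Every app that should share the sign-in must be signed by the same Apple team, use the same client ID, and declare that group under `keychain-access-groups` in its entitlements, as the answer's steps 1 to 3 describe; step 4 is the `keychainSharingGroup` line. The client tries a silent acquisition first and only prompts when MSAL reports that interaction is required.

```swift
// Added example (not from the original answer): shared-keychain silent SSO with MSAL on iOS.
// Assumptions: MSAL for iOS is linked; the client ID, redirect URI and keychain group below are
// placeholders. Each participating app declares the same keychain access group in its entitlements:
//   keychain-access-groups: $(AppIdentifierPrefix)com.contoso.sso
import MSAL
import UIKit

enum SSOConfig {
    static let clientId = "00000000-0000-0000-0000-000000000000"   // placeholder; identical in every app
    static let redirectUri = "msauth.com.contoso.app://auth"       // placeholder
    static let authorityURL = URL(string: "https://login.microsoftonline.com/common")!
    static let keychainGroup = "com.contoso.sso"                   // placeholder; must match entitlements
    static let scopes = ["User.Read"]
}

final class SSOClient {
    private let application: MSALPublicClientApplication

    init() throws {
        let authority = try MSALAADAuthority(url: SSOConfig.authorityURL)
        let config = MSALPublicClientApplicationConfig(clientId: SSOConfig.clientId,
                                                       redirectUri: SSOConfig.redirectUri,
                                                       authority: authority)
        // Step 4 of the answer: point MSAL at the shared keychain group instead of the default one,
        // so refresh tokens written by sibling apps are visible to this app.
        config.cacheConfig.keychainSharingGroup = SSOConfig.keychainGroup
        application = try MSALPublicClientApplication(configuration: config)
    }

    /// Silent first: if a sibling app already signed the user in, its refresh token is in the
    /// shared keychain and MSAL exchanges it for an access token with no UI.
    func acquireToken(presenting viewController: UIViewController,
                      completion: @escaping (Result<String, Error>) -> Void) {
        guard let account = (try? application.allAccounts())?.first else {
            // No cached account in the shared group: fall back to an interactive sign-in.
            acquireInteractively(presenting: viewController, completion: completion)
            return
        }
        let silentParams = MSALSilentTokenParameters(scopes: SSOConfig.scopes, account: account)
        application.acquireTokenSilent(with: silentParams) { result, error in
            if let result = result {
                completion(.success(result.accessToken))
                return
            }
            // interactionRequired (expired or revoked refresh token, new consent, a Conditional
            // Access policy) is the one error that should be answered by prompting the user;
            // anything else is surfaced to the caller rather than silently retried.
            if let nsError = error as NSError?,
               nsError.domain == MSALErrorDomain,
               nsError.code == MSALError.interactionRequired.rawValue {
                self.acquireInteractively(presenting: viewController, completion: completion)
            } else if let error = error {
                completion(.failure(error))
            }
        }
    }

    private func acquireInteractively(presenting viewController: UIViewController,
                                      completion: @escaping (Result<String, Error>) -> Void) {
        let webviewParams = MSALWebviewParameters(authPresentationViewController: viewController)
        let params = MSALInteractiveTokenParameters(scopes: SSOConfig.scopes,
                                                    webviewParameters: webviewParams)
        application.acquireToken(with: params) { result, error in
            if let result = result {
                // The refresh token from this sign-in lands in the shared keychain group, so the
                // next app in the group gets silent SSO on its first acquireTokenSilent call.
                completion(.success(result.accessToken))
            } else if let error = error {
                completion(.failure(error))
            }
        }
    }
}
```

If `acquireTokenSilent` keeps failing with `interactionRequired` in the second app even though the first app signed in, check the entitlements first: a mismatch in the keychain access group (or a different signing team) means the two apps are reading different keychains, and MSAL will behave exactly as if no sibling had ever signed in.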
Currently, we have an iOS application that connects to a web backend developed using .NET Core 2, which allows authorized users to download content from the web and view it through the iOS application. User management happens through a local SQL database.
Now we have started to integrate Azure AD into our application, and all web users were able to authenticate using Azure AD successfully. But our problem is how to enable Azure AD authentication for the iOS client. We found many samples on the Microsoft Azure site which explain how a native app can communicate directly with Azure AD. But what we require is for authentication to be done through our backend.
Can someone please help us with this?
Is there a way to use the Outlook User Photo REST API using Azure AD and OAuth, or do we have to use the Azure AD v2 authentication endpoint to retrieve photos?
Is there any other way to retrieve user photos from Outlook.com so I can use it in my web app?
I am using Azure AD to authenticate users at the moment and want to use the Azure portal only, not the Microsoft Application Registration portal.
Thanks.
The difference between the Azure portal and the Microsoft Application Registration portal is that the Microsoft Application Registration portal supports the Azure AD v2.0 endpoint.
The Azure AD v2.0 endpoint supports both Microsoft accounts and Azure Active Directory accounts.
So, it depends on which users' photos you want to acquire. If you want the app to support only users from an Azure AD tenant, it is fine to select the Azure portal to register the app.
And here is the Microsoft Graph REST API for getting the photo in a user's mailbox on Exchange Online, for your reference (Get photo):
GET https://graph.microsoft.com/v1.0/me/photo/$value
We have a web application built on Ruby on Rails and have added an Azure AD SSO feature. We are using the OAuth2 and JWT gems to achieve the SSO functionality. But after a successful user login, our application is not visible on the user's Office portal My Apps dashboard. Instead, it is only visible if the AD admin assigns this app to the user.
But..
Our objective is to show our application in any user's (multi-tenant) apps (https://portal.office.com/myapps) once they successfully perform SSO, like developing a web app (Ruby on Rails) that users can install directly from the Office Store.
After googling we found this ASP.NET demo application (https://github.com/OfficeDev/O365-WebApp-MultiTenant) which works the way we expected. After login we are able to see this demo app in the user's My Apps. In the app description the following is written: "web application that uses Azure AD for sign-in using the OpenID Connect protocol, and then calls a Office 365 API under the signed-in user's identity using tokens obtained via OAuth 2.0. This sample uses the OpenID Connect ASP.Net OWIN middleware and ADAL .Net."
It is clear that the demo app uses the OpenID Connect protocol, which we are not using. Is this causing the problem? Kindly guide us in the right direction.
The administrator has to accept the app for the whole tenant, the so-called admin consent.
http://blog.mastykarz.nl/implementing-admin-consent-multitenant-office-365-applications-implicit-oauth-flow/
https://github.com/waldekmastykarz/sample-azure-adminconsent
Hope this helps.
I found a working Ruby on Rails example which implements the OpenID Connect protocol here: https://github.com/nov/openid_connect_sample_rp. Then I modified db/seeds.db to