I have a use case to fetch the login cache from the Microsoft Intune Company Portal app.
My app already has the Azure AD SDK integrated. However, after looking inside the code, I am wondering whether the Azure AD SDK works only with the Authenticator app rather than any other,
as the callback fails and no token is fetched.
Can anyone help me with this? How do I invoke a token from the Company Portal app? This is an issue only on iOS; it works perfectly on Android.
Note: The keychain ID is also mentioned for 'adalcache'.
Related
I have integrated the Microsoft Intune SDK in an iOS application. I am able to perform all operations, mainly sharing files from Outlook to my application.
I installed my application, Outlook, etc. on a fresh device from the Company Portal. When I share any file from Outlook to my application, it shows the Microsoft login screen only once, as below:
It asks for login credentials only once, the first time I share a file.
I don't want to show the Microsoft login screen; it must automatically authenticate using a broker app like Company Portal, Outlook, etc.
As per the Intune documentation, I have already added the configuration in the iOS Info.plist, i.e. "AutoEnrollOnLaunch" set to true.
How do I completely avoid showing the MS login screen?
We have an iOS app which has its own login mechanism, and one of our customers uses SSO login (using an MS account) in our app. Now they have asked us to integrate MS Intune in the app, as they want to apply app protection policies to our app.
I've started integrating the MS Intune iOS SDK along with the MSAL library as described in the documentation.
But I'm stuck with an issue which is described in the document (https://learn.microsoft.com/en-us/mem/intune/developer/app-sdk-ios#apps-that-do-not-use-adal-or-msal):
"Apps that do not use ADAL or MSAL
Apps that do not sign in the user using ADAL or MSAL can still receive app protection policy from the Intune MAM service by calling the API to have the SDK handle that authentication. Apps should use this technique when they have not authenticated a user with Azure AD but still need to retrieve app protection policy to help protect data. An example is if another authentication service is being used for app sign-in, or if the app does not support signing in at all. To do this, the application can call the loginAndEnrollAccount method on the IntuneMAMEnrollmentManager instance:"
According to it, in order for the app to receive the policies, it has to log in and enroll by calling the loginAndEnrollAccount API. But once I call this API, it takes me to the MS login page where I can input an email/password, and on success the delegate method gets called.
But my question is: I end up with two login flows in my app (one from our own login and another from MS Intune), so I am not sure whether this is the correct behavior or not.
Please let me know if you have already worked on MS Intune in iOS.
Thanks.
We are using the iOS Intune SDK to build a native MAM app. This app needs to access the Graph API to read the user profile and other data. What we did:
(1) We registered an app and gave it the permissions: User.Read (for Graph and Windows Azure AD), DeviceManagementManagedApp.ReadWrite
Login and enrollment to Intune is working; the app gets enrolled. But when trying to obtain the access token for the Graph API using the ADAL SDK, I need to sign in again and then I am blocked with the message that the device needs to be managed to access this resource.
Do I need another permission? Where do I get the access token from? Is anything else missing?
From your description, it appears you have a Conditional Access policy enabled that requires mobile devices to be Intune MDM managed. When you call the Graph API from an unmanaged device, it will ask you to enroll the device. If you remove the Conditional Access policy, you should be able to confirm this.
I have integrated Azure AD in my iOS app. I need to perform SSO when I have already logged into my Company Portal app (Microsoft Intune).
Note: I am able to perform auto sign-in when I have the Authenticator app installed; however, this doesn't work if I have only the Company Portal app installed.
On Android it's working fine, but no luck on iOS.
I'm trying the iOS Outlook SDK introduced at dev.outlook.com; the source code is at https://github.com/OfficeDev/Outlook-SDK-iOS
I tried to register an application via the Application Registration Tool with both an Office 365 developer account and an Outlook development account (requested from Outlook) to get a clientId, but neither of them is working. When I try to authenticate a user, I get the error: Application 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' is not supported for this API version
Could anyone let me know how to get a valid clientId to work with this SDK?
That sample requires the use of the Azure v1 app model, which requires that you register the app in Azure AD, per these instructions: https://msdn.microsoft.com/en-us/office/office365/howto/add-common-consent-manually.