AzureAD Single Single On (SSO) is both an application (Company Portal.app) and a Configuration Profile applied to Jamf enrolled Macs for authentication purposes to DOI Azure Active Directory. Once applied, applications that rely on DOI Active Directory Federated Services should automatically authenticate with AzureAD SSO.
What’s the difference between AzureAD SSO and Apple Kerberos SSO?
| Azure AD SSO (What this page is about) | Apple Kerberos SSO (Link to page here.) |
| Uses the Microsoft AzureAD SSO App Extension via Intune Company Portal.app | Uses the Kerberos SSO App Extension Type via Apple |
| Supports Microsoft 365, Apps, Websites, or services integrated with Azure AD | Supports apps that require Kerberos Tickets integrated with on-Premise Active Directory (SAMBA, DFS, etc) |
Using AzureAD Single Sign On (SSO)
Once the AzureAD Single Sign On (SSO) Configuration profile is available on your computer, you will also notice another application called “Company Portal.app” by Microsoft InTune. There is no need to sign into the Company Portal App, the app facilitates AzureAD Single Sign On requests through the Apple Safari Browser. AzureAD SSO crendentials will persist, even with in-Private Safari Browsing. Other browsers such as Microsoft Edge, Google Chrome, or Mozilla FireFox are not enabled with AzureAD SSO at this time.
In the Safari Web browser, open https://portal.office.com. Enter your email address at the sign-on page and follow the steps to authenticate. Once you have authenticated, you may test functionality with the Safari browser by going to a DOI AzureAD SSO enabled page such as QuickTime Time and Attendance.
Troubleshooting AzureAD SSO
I need to revoke my AzureAD SSO Credential. You will need to enable the Developer Menu in Safari. Choose Safari > Settings, Click Advanced, then select “Show Develop menu in menu bar.” From here, Click on Develop, and then “Empty Caches.” This will flush the AzureAD SSO Credential. Disable the Developer Menu if no longer needed.
