Achieve SSO through Chrome with CA in place

Dimitrios Koliopanos 56 Reputation points
2023-03-08T14:25:15.7866667+00:00

Hello,

Let me explain the situation. We have Android Enterprise - BYOD enrollments. We have conditional access in place which allows access on Microsoft only through Approved Apps.

We have an application called Dataminr Pulse and there is an SSO with our AzureAD. DAtaminr Pulse is published through Managed PlayStore. User downloads it, enter the company mail and federation site is opening. Write down the credentials, MFA prompt for authentication and then pop-up is appearing that Login is not allowed and should use Edge instead.

This is happening because, authentication process is based to Chrome which is also installed.

So I have 2 questions:

  1. Is there any generic configuration key which I can push to application and instead of Chrome, use the Edge for SSO
  2. Can I overcome this without changing CA(approved App).

Regards,

Dimitris

Microsoft Intune Android
Microsoft Intune Android
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Android: An open-source mobile platform based on the Linux kernel, developed by Google, and maintained by the Open Handset Alliance.
232 questions
Microsoft Intune Application management
Microsoft Intune Application management
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Application management: The process of creating, configuring, managing, and monitoring applications.
872 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,307 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,397 questions
0 comments No comments
{count} votes

Accepted answer
  1. 2023-03-14T16:52:51.12+00:00

    Hello, Android WebView or Chrome cannot pass the require protected app condition. The solution is on the developer plate. To my knowledge, Android WebView relies on Chrome and changing the default brower to Edge won't fix the problem. The most straighforward solution will be to create a new policy that your device/application can comply. E.g. Require device to be marked as compliant.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.


1 additional answer

Sort by: Most helpful
  1. Crystal-MSFT 42,716 Reputation points Microsoft Vendor
    2023-03-09T01:39:33.14+00:00

    @Dimitrios Koliopanos, Thanks for posting in Q&A.

    Based on my research, I didn't find the app configuration key for Dataminr Pulse. To double confirm if there's any app configuration key on the app to change the SSO from chrome to Edge, please contact Dataminr Pulse support to see if they design this.

    Meanwhile, if we set Microsoft Edge as Default Browser on Android, will the SSO use Edge instead of Chrome?

    https://techwiser.com/set-remove-microsoft-edge-default-browser/#:~:text=1%201.%20Install%20Microsoft%20Edge%20on%20your%20Android,new%20default%20app.%20Select%20Edge%20from%20the%20list.

    Note: Non-Microsoft link, just for the reference.

    Please check the above information and if there's any update, feel free to let us know.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.