Achieve SSO through Chrome with CA in place

Dimitrios Koliopanos 46 Reputation points
2023-03-08T14:25:15.7866667+00:00

Hello,

Let me explain the situation. We have Android Enterprise - BYOD enrollments. We have conditional access in place which allows access on Microsoft only through Approved Apps.

We have an application called Dataminr Pulse and there is an SSO with our Azure AD. Dataminr Pulse is published through Managed Play Store. The user downloads it, enters the company mail, and the federation site opens. The user enters the credentials, gets an MFA prompt for authentication, and then a pop-up appears saying that login is not allowed and Edge should be used instead.

This is happening because the authentication process is based on Chrome, which is also installed.

So I have 2 questions:

  1. Is there any generic configuration key which I can push to the application so that it uses Edge instead of Chrome for SSO?
  2. Can I overcome this without changing CA (approved app)?

Regards,

Dimitris


Accepted answer
  1. Alfredo Revilla (MSFT) 16,686 Reputation points Microsoft Employee
    2023-03-14T16:52:51.12+00:00

    Hello, Android WebView or Chrome cannot pass the require protected app condition. The solution is on the developer's plate. To my knowledge, Android WebView relies on Chrome and changing the default browser to Edge won't fix the problem. The most straightforward solution will be to create a new policy that your device/application can comply with, e.g. Require device to be marked as compliant.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
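
The accepted answer's suggestion, sketched with the Microsoft Graph PowerShell SDK as an added example (not code from the thread or from Microsoft). The IDs are placeholders to replace, the display name is hypothetical, and the policy is created in report-only state. Because Conditional Access enforces every policy that applies to a sign-in, the last step lists any enabled approved-app policy that would still block the app.

```powershell
# Added example. Placeholders in <...> must be replaced with values from your tenant.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'Application.Read.All'

$appId   = '<DATAMINR-PULSE-ENTERPRISE-APP-ID>'  # placeholder: appId of the SSO enterprise app
$groupId = '<BYOD-ANDROID-USERS-GROUP-ID>'       # placeholder: group of affected users

# 1. New policy: sign-ins to this one app from Android require a compliant device.
$newPolicy = @{
    displayName = 'Dataminr Pulse - require compliant device (Android)'  # hypothetical name
    state       = 'enabledForReportingButNotEnforced'                    # report-only first
    conditions  = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($appId) }
        users          = @{ includeGroups = @($groupId) }
        platforms      = @{ includePlatforms = @('android') }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('compliantDevice')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $newPolicy

# 2. Find enabled policies that require an approved client app and still cover this app.
#    Any policy listed here keeps blocking the Chrome-based sign-in until the app is
#    excluded from it, since all applicable policies must be satisfied.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object {
        $apps = $_.Conditions.Applications
        $_.State -eq 'enabled' -and
        $_.GrantControls.BuiltInControls -contains 'approvedApplication' -and
        ($apps.IncludeApplications -contains 'All' -or
         $apps.IncludeApplications -contains $appId) -and
        $apps.ExcludeApplications -notcontains $appId
    } |
    Select-Object Id, DisplayName
```

Review the report-only results in the sign-in logs before switching `state` to `enabled`.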


1 additional answer

  1. Crystal-MSFT 21,961 Reputation points Microsoft Vendor
    2023-03-09T01:39:33.14+00:00

    @Dimitrios Koliopanos, Thanks for posting in Q&A.

    Based on my research, I didn't find the app configuration key for Dataminr Pulse. To double-check whether there's any app configuration key on the app to change the SSO from Chrome to Edge, please contact Dataminr Pulse support to see if they designed this.

    Meanwhile, if we set Microsoft Edge as Default Browser on Android, will the SSO use Edge instead of Chrome?

    https://techwiser.com/set-remove-microsoft-edge-default-browser/#:~:text=1%201.%20Install%20Microsoft%20Edge%20on%20your%20Android,new%20default%20app.%20Select%20Edge%20from%20the%20list.

    Note: Non-Microsoft link, just for reference.

    Please check the above information and if there's any update, feel free to let us know.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.