This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 85%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Hello,
I have a question regarding an application we are using with SSO login feature.I have already opened a question to relevant Support forum(https://learn.microsoft.com/en-us/answers/questions/1187704/achieve-sso-through-chrome-with-ca-in-place?page=1&orderby=Helpful&comment=answer-1185419#newest-answer-comment) and was proposed to continue here.
So the case is that our users are using a Public Application(Managed Playstore/Appstore) called Dataminr Pulse. Application has been registerd to Azure tenant in order to achieve SSO. The issue is that the SSO is taking place on Chrome due to WebVview and on Safari for iOS. We have a Conditional Access which does not allow access to resourves from non approved clients. Everything is working perfect through Managed Edge, but the app itsels does not open it or even prompt for opening. We did everything from Intune side and there is no way to force the SSO login process to Microsoft Edge. I suppose that App developer can customise the code and do this but I am wondering if from AzureAD side I can do anything else.
More info about the story can be found on the above link.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 16%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Have you found any solution?
I am facin a similar issue and for some reason apps are not using chrome to SSO and they are all failing conditional access.
I would be much appreciative if you could share any findings.
Hello, Following some adjustments on app protection policy, I managed did it work for Android but not for ios devices. Thus what we did was to exclude the app on conditional access policy for protected app and leave as it is fro MFA, Compliant Device, Session management
Thanks for sharing your findings. Can you elaborate more on how did you make it work for Android?
Hello, Yes what I did was to excempt from the Edge protection policy the below: Select apps to exempt WebView: com.google.android.webview Webview_2: com.android.webview Dataminr: com.dataminr.android Chrome: com.android.chrome For the last one (Chrome) not sure if it is needed. So the process was to open the app->Write the email with SSO enablement->Open Webview(Running in Chrome)-> Follow the SSO process and recieved as usual that cannot be continued(due to CA ->Approved App)->Select Open in Edge(I have enabled SSO on Edge with the relative key) and login is continued automatically. Lastly the application is opening at it's own and logged in successfully. Unfortunately, the same on iOS protection policy does not work
Thanks for the information @Dimitrios Koliopanos . In order to avoid adding to many comments to the thread let's continue this offline. Please email me to azcommunity@microsoft.com.
Hello again, there's nothing that can be done from the Azure AD side. If you really need to make this application comply with protected app or app protection policies, the developer has to implement the Intune SDK.
That being said, and out of Azure AD boundaries, I will test the aforementioned application and see if there's something that can be done from the Android side and come back to you ASAP.
Let us know if you need additional assistance. If the answer was helpful, please accept it so that others can find a solution.
Hello @Alfredo Revilla - Senior Freelance SWE, SWA, IAM , thank you for your prompt relpy. Yes please, test it and let me know if it is feasible to try another way apart from the 1st option.
I will. Bear with me since I need to reach other communities or third party support for this.
@Alfredo Revilla - Senior Freelance SWE, SWA, IAM Sure! Waiting for your input.
Hello, Did you manage to check it further?
Hello, I'm still working on this. Will come back ASAP.