Share via

Microsoft Online login missing Sign in options in iOS

Connor Johnston 0 Reputation points
2026-02-27T22:08:17.7333333+00:00

Hello,

I'm trying to transition to passwordless logins but I'm having an issue with an older app on an iPad. The app uses an embedded browser that is successfully connecting to O365 and authenticating logins; however, it seems to only be working for Passwords and, interestingly enough, Temporary Access Passcodes. I've tried using FIDO2, MS Authenticator, and Passkeys. If I log into Safari on the same device, it will allow me to use any of those options. The thing that really throws me off is the use of the TAP code, that's telling me that it is actively pulling current authentication methods but not allowing me to use anything except TAP or Password.

Would allowing the iOS Enterprise SSO plug-in through Company Portal work?

Am I missing something or is it just a limitation of how this embedded browser was coded?

Microsoft 365 and Office | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-02-27T22:08:36.5233333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    This behavior is a limitation of how the embedded browser in the older iOS app integrates with Microsoft Entra ID and modern WebAuthn/FIDO2 flows.

    Passkey/FIDO2 and Microsoft Authenticator-based passwordless sign-in rely on full WebAuthn support and specific platform integrations that are guaranteed only in supported combinations of OS + browser + app framework. Microsoft explicitly documents that:

    • Passkey (FIDO2) support depends on the browser/host surface; the recommended approach for apps is to use the system browser or supported web authentication sessions rather than a custom/legacy embedded browser.
    • For iOS apps, FIDO2 is supported when using MSAL with ASWebAuthenticationSession or broker integration (Microsoft Authenticator / Intune Company Portal). If an app uses its own legacy embedded web view, FIDO2/passkey options may not be available even though other methods (password, Temporary Access Pass) still work.

    In Safari on the same iPad, the full, supported WebAuthn surface is available, so all configured methods (FIDO2 security keys, Authenticator passkeys, etc.) appear. Inside the older embedded browser, only methods that do not require full WebAuthn/platform integration (password, TAP) are exposed.

    To use passwordless methods such as FIDO2, Microsoft Authenticator passkeys, or device-bound passkeys on iOS:

    • Use a supported browser (Safari, Edge, Chrome, etc.) or
    • Use an app that authenticates via MSAL with ASWebAuthenticationSession or broker integration, rather than a custom embedded browser.

    If the older iPad app cannot be updated to use a supported authentication surface, it will be limited to the methods that currently appear (password and TAP) even though the same account supports stronger methods elsewhere.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.