MICROSOFT 365 SSO ON IOS AND IPADOS

A common business challenge is simplifying employees' working lives by adopting one or more Single Sign On solutions.

What is Single Sign On (SSO)?

Single Sign On is a solution that lets employees use a single user account across all of the company's services and software tools. The employee only has to know one username and one password to log in to email, the ERP or the Wi-Fi network.

Many companies use Office 365, Microsoft 365 or Azure and want to extend SSO to their entire fleet of mobile devices.

Thanks to an MDM like Chimpa MDM, administrators can manage Microsoft SSO from enrollment through to the user environment.

Zero-touch Enrollment and Managed Apple ID

Thanks to Apple Business Manager or Apple School Manager, devices can be configured in the blink of an eye. After the Apple portal is connected to Chimpa MDM, devices only need to be switched on and they automatically receive all their configurations over the air.

The admin has to enable Azure federation in Apple Business Manager. As a result, users can use their Azure AD usernames (User Principal Name) and passwords as Managed Apple IDs.

Apple Business Manager with Azure federated authentication

MDM Configuration

Chimpa MDM allows integration with Azure in Chimpa Admin, so users can enter their Microsoft account to authorize the Remote Management phase.

The admin has to create a rule in Chimpa Admin that assigns and automatically installs the Microsoft apps, using VPP licensing.

Note: It is very important that the Microsoft Authenticator app is installed, because it manages the SSO procedures.

Example of a rule that auto-installs Microsoft apps

Another step in Chimpa Admin is to create a configuration profile containing the Extensible SSO payload, which is supported from iOS 13 and iPadOS 13.

Additional information on this configuration is available at this link.

Extensible SSO payload set for Microsoft
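
A way to sanity-check an exported profile before assigning it to devices, as an added example that is not Chimpa's or Microsoft's own code: it parses a .mobileconfig and flags an Extensible SSO payload whose extension, team ID, type or URLs are not what is expected. The expected identifiers and URLs are the ones Microsoft documents for its iOS/iPadOS SSO plug-in and are an assumption here, since this page does not list them; the sample profile is constructed.

```python
import plistlib

# Values Microsoft documents for its Enterprise SSO plug-in on iOS/iPadOS.
# Assumption: they are not given on this page; confirm against current docs.
EXPECTED = {
    "ExtensionIdentifier": "com.microsoft.azureauthenticator.ssoextension",
    "TeamIdentifier": "SGGM6D27TK",
    "Type": "Redirect",
}

def build_sample_profile(**overrides):
    """Return a constructed .mobileconfig (bytes) with one Extensible SSO payload."""
    sso = dict(EXPECTED)
    sso.update({
        "PayloadType": "com.apple.extensiblesso",
        "PayloadIdentifier": "com.example.sso.microsoft",       # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "PayloadVersion": 1,
        "URLs": ["https://login.microsoftonline.com",
                 "https://login.microsoft.com",
                 "https://sts.windows.net"],
    })
    sso.update(overrides)  # lets a caller build a deliberately wrong payload
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.sso",                 # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # constructed
        "PayloadVersion": 1,
        "PayloadContent": [sso],
    })

def audit_sso_profile(data):
    """Return a list of findings; an empty list means nothing was flagged."""
    payloads = [p for p in plistlib.loads(data).get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.extensiblesso"]
    if not payloads:
        return ["no com.apple.extensiblesso payload in profile"]
    findings = []
    for p in payloads:
        # A wrong extension or team ID hands sign-in handling to another app.
        for key, want in EXPECTED.items():
            if p.get(key) != want:
                findings.append(f"{key} is {p.get(key)!r}, expected {want!r}")
        urls = p.get("URLs") or []
        if not urls:
            findings.append("Redirect payload has no URLs")
        findings += [f"non-HTTPS URL: {u}" for u in urls
                     if not u.lower().startswith("https://")]
    return findings
```

To check a real export, pass the file's bytes to `audit_sso_profile`; a signed profile has to be unwrapped to its plist first.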

User Experience

At this point, users unbox the newly received device, which has been prepared for zero-touch configuration and enrollment with Chimpa MDM.

After powering on the device, follow the Setup Assistant and set the country, language, and Wi-Fi or cellular connection. After a few seconds, the Remote Management screen appears. The user can easily authenticate with a Microsoft account thanks to the integration between Chimpa MDM and Azure SSO.

Chimpa MDM login screen with Azure SSO on the Remote Management authentication screen

The device is now enrolled in Chimpa MDM and automatically starts downloading work apps, settings and restrictions.

The user can add their own Managed Apple ID using Azure federation and, one more time, enter the Microsoft account in one app.

In fact, after this “last” authentication, the Microsoft Authenticator app will assist with every access to compatible apps and sites.

Microsoft SSO demo on a newly enrolled iPadOS device

SSO Microsoft 365 with Chimpa MDM

  1. Use Apple Business Manager to configure VPP, Zero touch and Azure federation

  2. Configure Microsoft app installation on Chimpa MDM

  3. Configure SSO Azure on Chimpa MDM

  4. Configure Extensible SSO payload on Chimpa MDM

  5. Enroll the device using zero-touch and Microsoft account
