Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator
You can use Microsoft Authenticator for single sign-on (SSO) to applications supporting Microsoft Authentication Library (MSAL) on shared devices.
To set up and use this feature you need the following:
- Microsoft Entra ID/Azure AD Premium 1 or higher with Conditional Access feature
- Microsoft Intune/Endpoint Manager with SOTI MobiControl as the third-party compliance partner
Compatible Microsoft license plans that include the requirements listed above:
- Microsoft 365 E3, E5, F1, or F3 licenses, or Enterprise Mobility + Security E3 (EMS E3) or E5 (EMS E5) in Microsoft Entra ID/Azure AD. See Assigning User Licenses In Microsoft Entra ID/Azure AD for instructions.
Note: When adding a license for a user, select all services. Note that services differ based on the subscription type.
Configure SSO by completing each of the procedures listed below.
Note: Creating a device-based conditional access policy in Azure AD
is not required for this feature. A compliance policy set to Azure Conditional
Access in SOTI MobiControl is also not required. Only the Conditional
Access integration as mentioned in Microsoft 365 Conditional Access
Integration is necessary. However, if you want to have a device-based
conditional access policy, follow the steps described in Create Device-Based Conditional Access Policy.