Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator
You can use Microsoft Authenticator for single sign-on (SSO) to applications supporting Microsoft Authentication Library (MSAL) on shared devices.
To set up and use this feature you need the following:
- Microsoft Entra ID/Azure AD Premium 1 or higher with Conditional Access feature
- Microsoft Intune/Endpoint Manager with SOTI MobiControl as the third-party compliance partner
Compatible Microsoft license plans that include the requirements listed above:
- Microsoft 365 E3, E5, F1, or F3 licenses, or Enterprise Mobility + Security E3 (EMS E3) or E5 (EMS E5) in Microsoft Entra ID/Azure AD. See Assigning User Licenses In Microsoft Entra ID/Azure AD for instructions.
Note: When adding a license for a user, select all services. Note that services differ based on the subscription type.
Configure SSO by completing each of the procedures listed below.
Note: Creating a device-based conditional access policy in Azure AD is not required for this feature. A compliance policy set to Azure Conditional Access in SOTI MobiControl is also not required. Only the Microsoft 365 Conditional Access integration, as described in Microsoft 365 Conditional Access Integration and Configure Compliance Partner Endpoint, is necessary. However, if you want to have a device-based conditional access policy, follow the steps described in Create Device-Based Conditional Access Policy.