AzureAD/azure-activedirectory-library-for-android

Authenticator is not being used


Hi,

We are having an issue where our app cannot be used in an environment where Conditional Access has been turned on in Intune (because the Broker is not being used).
The issue we have is that in order to use Conditional Access we need to also be using the broker (MS Authenticator), which for some reason doesn't always launch as expected.

From my trial and error experience with ADAL on both iOS and Android I have learned that the only way to tell visually on Android whether or not the Authenticator app is being used is by the colour of the status bar. A greyish status bar is shown if ADAL is using the built-in UI (i.e. not the Broker), and a blue status bar and feel if using Authenticator.

One of the issues I have noticed is that if, for example, you installed our app on a device where the Authenticator app has not yet been installed, you will get the grey (ADAL) credentials login; if you were to then go and install Authenticator and relaunch our app, it will never establish this "link" with the broker app and we will only ever get the grey ADAL login. If, however, you actually delete our app and reinstall it, then it will start using the broker app (blue status bar).

However, we have now run into a situation where I need help from you. We deployed our app in a client's enterprise environment, and no amount of deleting / reinstalling / factory resetting the devices gets the app to use Authenticator.

The setup is as follows:

  • App is deployed using Android Enterprise, app is uploaded into the Google Play Console (so not directly from Intune).
  • App is made available and deployed via Intune.
  • App and broker (Authenticator) are deployed via the Work profile on Android (can be installed via Company Portal, for example)

We have ensured that Authenticator has been installed first before installing our app.

  • Expected behavior

App will use the Authenticator app to get a bearer token and then the app will not get blocked by Conditional Access.

  • Actual behavior

App will use the native ADAL "webview" to ask for credentials and then we get blocked on a screen asking for enrollment (Blue button with the words "Enroll" on it).

  • Steps to reproduce the problem

  • Specifications like the version of the library, operating system etc.
    Using version 1.16.3
    Gradle:
    implementation('com.microsoft.aad:adal:1.16.3') {
        exclude group: 'com.android.support'
    }

  • Relevant logs and traces

Don't have access to these

Kind regards,
Andre

Oh I forgot to mention, we have also tried switching off the battery optimization that was suggested on another issue raised.

I have done more testing and can now reproduce this issue 100%.

It happens on my Samsung Galaxy S9 running Android 8.0.0.
The broker (Authenticator as well as Company portal) is installed.
The app does not use the broker.

On my Google Pixel 2 running Android 9.0.0, the broker is being used.

We now have a working build with the latest ADAL SDKs, and it works on Samsung devices.
It turned out to be an implementation issue in our code base whereby certain values were incorrectly set on the context.
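One way to make the broker requirement explicit in app code, so that a redirect URI that does not match what the broker expects is caught up front instead of being discovered from the status bar colour, as an added illustration that is not code from this issue or from the ADAL project (the authority, resource, client ID, class and method names are assumptions; the ADAL calls used are setUseBroker, getRedirectUriForBroker and acquireToken):

```java
import android.app.Activity;
import android.util.Log;

import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.AuthenticationSettings;

public final class BrokerAuth {
    private static final String TAG = "BrokerAuth";
    // Placeholder registration values (assumed); replace with the app's own.
    private static final String AUTHORITY = "https://login.microsoftonline.com/common";
    private static final String RESOURCE = "https://graph.microsoft.com";
    private static final String CLIENT_ID = "00000000-0000-0000-0000-000000000000";

    /** Opts in to the broker before the AuthenticationContext is created. */
    public static AuthenticationContext createContext(Activity activity) {
        AuthenticationSettings.INSTANCE.setUseBroker(true);
        return new AuthenticationContext(activity.getApplicationContext(), AUTHORITY, true);
    }

    /**
     * Requests a token through the broker. ADAL requires the redirect URI to be
     * the msauth://<package>/<signature-hash> value the broker expects, so the
     * value the app has configured is compared with what ADAL derives for it.
     */
    public static void acquire(Activity activity, AuthenticationContext ctx,
                               String configuredRedirectUri) {
        String brokerRedirectUri = ctx.getRedirectUriForBroker();
        if (!brokerRedirectUri.equals(configuredRedirectUri)) {
            // Fail fast so a misconfigured context is visible in the log, not on screen.
            Log.e(TAG, "Configured redirect URI " + configuredRedirectUri
                    + " does not match broker redirect URI " + brokerRedirectUri);
            throw new IllegalStateException("Broker redirect URI mismatch");
        }
        ctx.acquireToken(activity, RESOURCE, CLIENT_ID, brokerRedirectUri, "",
                new AuthenticationCallback<AuthenticationResult>() {
                    @Override
                    public void onSuccess(AuthenticationResult result) {
                        Log.i(TAG, "Token acquired for " + result.getUserInfo().getDisplayableId());
                    }

                    @Override
                    public void onError(Exception e) {
                        Log.e(TAG, "Token request failed", e);
                    }
                });
    }
}
```

The redirect URI printed on a mismatch is the one to register for the app and to pass to acquireToken; the signature hash part changes with the signing key, so a debug build and a release build get different values.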