AzureAD/microsoft-authentication-library-for-objc

Microsoft Authenticator app is never used with brokered authentication, only web browser.

Closed this issue · 4 comments

Previously we used ADAL and it would always redirect the user to Microsoft Authenticator when we enabled brokered authentication.

But with this library, we can't seem to find a way to trigger the Authenticator app.

Context:

  • We followed all these steps correctly: https://github.com/AzureAD/microsoft-authentication-library-for-objc#configuring-msal
  • Device is managed by Intune
  • iPhone X
  • iOS v14.3.0
  • The implementation we are using is here: https://github.com/wrobins/cordova-plugin-msal/blob/master/src/ios/MsalPlugin.m
  • We have set MSALGlobalConfig.brokerAvailability to MSALBrokeredAvailabilityAuto
  • Authenticator installed with company account setup
  • Intune company portal installed and device enrolled
  • With a non-Intune wrapped build, authentication is done via Safari web browser, which results in a successful authentication since Safari can access the keychain
  • With an Intune wrapped build, authentication is done via Edge web browser (Edge is enforced by Intune), but this way authentication fails because Edge is not privileged to access the device keychain; that's why we need brokered auth with Authenticator

@ryandegruyter Thanks for your questions. Here is documentation on how to migrate from ADAL to MSAL, including settings for broker support.

If the above doc doesn't help, I would suggest filing an issue in the original plugin repo, as it is not officially supported by our SDK and could have other issues there.

Also, if you were able to put a breakpoint within the MSAL lib, there is a static method canPerformRequest within MSIDBrokerInteractiveController which is used to determine if the broker can be triggered.

Thank you @kaisong1990, I will try and gather some more debug information.

We have full control over the native implementation, so if you have any more suggestions to better debug the issue, feel free to let me know.

Sounds great! Let us know if you find anything :)

@ryandegruyter Closing for now, and feel free to reopen it if there are more questions.