Microsoft sso client

Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy. Single Sign-On SSO enables users to enter their credentials once to sign in and establish a session, which can be reused across multiple applications without requiring to authenticate again. The session provides a seamless experience to the user and reduces the repeated prompts for credentials.

The MSAL. When your application is open in multiple tabs and you first sign in the user on one tab, the user is also signed in on the other tabs without being prompted. By default, MSAL. When a user authenticates, a session cookie is set on the Azure AD domain in the browser. As a result, the SSO behavior varies for different cases:. When applications are hosted on the same domain, the user can sign into an app once and then get authenticated to the other apps without a prompt.

When applications are hosted on different domains, the tokens cached on domain A cannot be accessed by MSAL. When a user is signed in on domain A navigate to an application on domain B, the user will be redirected or prompted with the sign-in page.

Since Azure AD still has the user session cookie, it will sign in the user and no prompt for credentials. It uses existing sign-in state from other apps and the Safari browser. It's not limited to apps distributed by the same Apple Developer, but it requires some user interaction. The apps must be distributed by the same Apple Developer.

To enable SSO across your applications, you'll need to do the following steps, which are explained in more detail below:. For the Microsoft identity platform to know which applications can share tokens, those applications need to share the same Client ID or Application ID.

This is the unique identifier that was provided to you when you registered your first application in the portal. Each application can have multiple Redirect URIs registered in the onboarding portal. Each app in your suite will have a different redirect URI. For example:. App1 Redirect URI: msauth. Refer to Apple's Adding Capabilities article to enable keychain sharing. What is important is that you decide what you want your keychain to be called and add that capability to all of your applications that will be involved in SSO.

When you have the entitlements set up correctly, you'll see a entitlements. Add a new keychain group to your project Capabilities. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode.

Please rate your experience Yes No. Any additional feedback?