Seamless Single sign on on MAC/Safari using Azure AD/ADFS

Question

Hi Team,

Is there a way to achieve seamless SSO on MAC os safari browser, we have below WIASupportedUserAgents added as ADFS properties.

MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge

We have Seamless SSO on edge but MAC OS doesn't have an Edge browser, so Please suggest If anything can be done at ADFSor Azure AD level?

Thanks for your help and support !! Stay safe...

Answer 1

@Rahul Kaim All the supported WIASupportedUserAgents are listed here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-browser-wia. If you have already tried all the agents in this list and still facing the issue, you can choose to go with one of the below options:

1. Use Pass-Through Authentication with Seamless Single Signon. Refer to https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso for more details.
2. Use Primary Refresh Token (PRT) to facilitate Seamless SSO. This can be achieved by using Azure AD join and Hybrid Azure AD Join. As you are using ADFS, you have on-prem identities present, I would suggest you to go with Hybrid Azure AD Join if you are choosing to go with PRT for SSO. There are 2 ways to configure it, please refer to below documents for more detail.

Configure hybrid Azure Active Directory join for federated domains

Configure hybrid Azure Active Directory join for managed domains

-----------------------------------------------------------------------------------------------------------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.