Single Sign On SSO in iOS and Web App using Azure

Question

Can we achieve the if Any user login into iOS App Through MSAL in azure and it is authenticate and then if I open a webApp into Device Safari then it should automatically sign in and vice versa if do sso on WebApp then iOS App Login

Answer 1

• Yes, we can achieve in SSO and web app using Azure using silent SSO between multiple apps.

This type of SSO works between multiple apps distributed by the same Apple Developer. It provides silent SSO (that is, the user isn't prompted for credentials) by reading refresh tokens written by other apps from the keychain, and exchanging them for access tokens silently.

• Microsoft provides apps, called brokers, that enable SSO between applications from different vendors as long as the mobile device is registered with Azure Active Directory (AAD). This type of SSO requires a broker application be installed on the user's device. SSO between MSAL and Safari
• Silent SSO between multiple apps need to ensure the following points.

1. Ensure that all your applications use the same Client ID or Application ID.
2. Ensure that all of your applications share the same signing certificate from Apple so that you can share keychains.
3. Request the same keychain entitlement for each of your applications.
4. Tell the MSAL SDKs about the shared keychain you want us to use if it's different from the default one.

• Here are the details information about SSO for IOS and MAC OS.