xlla.blogg.se - Configure mobile app microsoft authenticator

Effects of installing and uninstalling a broker When a broker is installed The app will then need to lead the user through the steps to make the device compliant with the required policy. If a device doesn't already have a broker app installed, MSAL instructs the user to install one as soon as the app attempts to get a token interactively. However, some APIs (resources) are protected by Conditional Access Policies that require devices to be: The following diagram illustrates the relationship between your app, the MSAL, and Microsoft's authentication brokers.īroker-hosting apps can be installed by the device owner from their app store (typically Google Play Store) at any time.

On Android, the Microsoft Authentication Broker is a component that's included in the Microsoft Authenticator and Intune Company Portal apps.

via Android AccountManager & Account Settings.

Integrating with a broker provides the following benefits: We recommend that you use one of Microsoft's authentication brokers to participate in device-wide SSO and to meet organizational Conditional Access policies. However, it requires your users to download additional applications. It's recommended to use a broker application for benefits like device-wide SSO, account management, and conditional access. There are two ways for applications using MSAL for Android to achieve SSO:

Integrate your application with the MSAL for Android.

For more information, see the instructions for creating an app in the Android tutorial

Provision your app using the Azure portal.

In this how-to, you'll learn how to configure the SDKs used by your application to provide SSO to your customers.

With the broker capability and Authenticator applications, you can extend SSO across the entire device. The Microsoft identity platform and the Microsoft Authentication Library (MSAL) help you enable SSO across your own suite of apps. Single sign-on (SSO) allows users to only enter their credentials once and have those credentials automatically work across applications.