So, you’ve enabled Workspace ONE for your organisation and you’re on your way to End User Nirvana. There’s just one thing in your way: the Username and Password field! Workspace ONE is great at becoming a one stop shop for all Web, Native and Virtual Applications, leaving your users with just one password to remember. But… what if that could be a thing of the past! On a Workspace ONE Managed Device (macOS or Windows 10), your users can simply open their Browser of Choice (except Firefox, we’ll cover that later), et voilà. Logged in without a second thought.
Prerequisites
- Workspace ONE Identity Manager
  - Enable the Certificate (Cloud) Auth method, covered here on the EUCSE Blog
  - Docs Here
- Workspace ONE UEM Console
  - A Certificate Authority configured within Workspace ONE UEM to issue user certificates
macOS – Chrome
To have Chrome select the user certificate automatically, we need to configure the AutoSelectCertificateForUrls policy. This can be achieved with the Custom XML below. Points to change:
- pattern: the CAS URL for your Identity Manager tenant. In this example, it’s https://cas.vidmpreview.com/
- filter: the CN under ISSUER should be the Issuer name of your CA. Something like “Company Issuing CA”.
<dict>
    <key>AutoSelectCertificateForUrls</key>
    <array>
        <string>{"pattern":"https://cas.vidmpreview.com/","filter":{"ISSUER":{"CN":"your-domain-AD01-CA"}}}</string>
    </array>
    <key>PayloadDisplayName</key>
    <string>Google Chrome Settings</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
    <key>PayloadType</key>
    <string>com.google.Chrome</string>
    <key>PayloadUUID</key>
    <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
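A pre-deployment check for the Custom XML above, added here as an example and not part of the original post: it parses the `<dict>` fragment, confirms each AutoSelectCertificateForUrls entry is valid JSON (a typographic quote pasted from a web page breaks it), and confirms the rule is tied to an issuer CN. The function name `lint_chrome_payload` and the "single https URL, no wildcards" rule are assumptions of this sketch, not Chrome or Workspace ONE requirements.

```python
import json
import plistlib

def lint_chrome_payload(fragment: str) -> list[str]:
    """Return problems found in a Custom XML <dict> fragment (empty list = clean)."""
    # The console takes a bare <dict>; wrap it so plistlib sees a full plist.
    wrapped = ('<plist version="1.0">' + fragment + "</plist>").encode("utf-8")
    payload = plistlib.loads(wrapped, fmt=plistlib.FMT_XML)
    rules = payload.get("AutoSelectCertificateForUrls")
    if not isinstance(rules, list) or not rules:
        return ["AutoSelectCertificateForUrls is missing or not a non-empty array"]
    problems = []
    for i, raw in enumerate(rules):
        try:
            rule = json.loads(raw)
        except (json.JSONDecodeError, TypeError) as exc:
            problems.append(f"rule {i}: not valid JSON ({exc}); look for curly quotes")
            continue
        if not isinstance(rule, dict):
            problems.append(f"rule {i}: JSON value is not an object")
            continue
        pattern = rule.get("pattern")
        # Local lint policy (an assumption, stricter than Chrome requires):
        # pin the rule to one https origin, no wildcards.
        if not isinstance(pattern, str) or not pattern.startswith("https://") or "*" in pattern:
            problems.append(f"rule {i}: pattern should be a single https URL, got {pattern!r}")
        flt = rule.get("filter")
        issuer = flt.get("ISSUER") if isinstance(flt, dict) else None
        cn = issuer.get("CN") if isinstance(issuer, dict) else None
        if not cn:
            problems.append(f"rule {i}: no ISSUER CN, so the rule is not tied to your CA")
    return problems

# Constructed samples: the rule from this page, once with straight quotes,
# once with a typographic quote (U+201D) pasted in, once with an empty filter.
TEMPLATE = """<dict>
  <key>AutoSelectCertificateForUrls</key>
  <array><string>%s</string></array>
  <key>PayloadType</key><string>com.google.Chrome</string>
</dict>"""
GOOD = TEMPLATE % '{"pattern":"https://cas.vidmpreview.com/","filter":{"ISSUER":{"CN":"your-domain-AD01-CA"}}}'
CURLY = TEMPLATE % '{"pattern":"https://cas.vidmpreview.com/","filter":{"ISSUER":{"CN":\u201dyour-domain-AD01-CA"}}}'
NO_FILTER = TEMPLATE % '{"pattern":"https://cas.vidmpreview.com/","filter":{}}'

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("CURLY", CURLY), ("NO_FILTER", NO_FILTER)):
        print(name, lint_chrome_payload(sample) or "ok")
```

Once the profile is installed, chrome://policy on the device shows whether Chrome accepted the value.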
Extra! Windows 10 – Chrome
Details provided by the Legendary Charlie Hodge at the EUCSE Blog: https://blog.eucse.com/windows-10-true-sso-using-chrome/
Further Resources
- WorkspaceONE UEM Integration with Microsoft ADCS via DCOM
- Chrome troubleshooting: chrome://policy
- IDM – Activity Reports

Solutions Engineer @ Okta. Former SE at VMware for Workspace ONE. All things Identity, MDM and Mac. Occasionally takes photos of Bands at adammatthews.photography, and blogs at adammatthews.co.uk.