microsoft-authentication-library-for-android
Reopened: Distribution of MS-Authenticator app in shared mode (for single-sign-on) without Intune.
@shoatman, @iamgusain, @rpdome, @hamiltonha, @negoe
Hi, I am reopening this issue (#1457) since this topic is still relevant for us.
Below is the original text from #1457:
Initial request
This is not directly library-related, but it's necessary to know before you start using it. Therefore I am asking this question here.
We want to use brokered authentication with the MS-Authenticator for our apps as an SSO solution, and I was told that distributing the MS-Authenticator app in shared mode without Intune is not really possible. The thing is, we already have an MDM and already have our workflows implemented. Assume that switching our MDM wouldn't be an option for us.
Is it correct that the usage of this library with MS-Authenticator in shared mode, to implement a brokered SSO flow for native apps, is only scalable by using Intune for the MS-Authenticator rollout? Or is there a way to configure MS-Authenticator, for example by sending intents with a payload, to set up the shared device mode?
I hope I haven't missed this section in the documentation. Thank you for your support.
Additional comment for clarification
Just to make sure that I have explained my request correctly, I would rephrase it: We were able to set the MS-Authenticator in shared mode with the instructions from the documentation. But this is the manual way to do this. We want to automate the rollout process for the MS-Authenticator on our company devices with our existing MDM. Therefore I asked for a way to do this, because the manual instructions don't fit here.
Reading the manual instructions you need to click several buttons, type in your cloud admin password and so on. This is not practicable for a remote initialization of the MS-Authenticator.
The question is: how can we achieve an MS-Authenticator initialization in shared mode without manual interactions?