WebView2Feedback icon indicating copy to clipboard operation
WebView2Feedback copied to clipboard
verified publisher icon MicrosoftEdge

Device Compliance policy cannot be satisfied if AllowSingleSignOnUsingOSPrimaryAccount is not used

Open akunadze opened this issue 4 years ago • 4 comments

Ref: https://github.com/MicrosoftEdge/WebView2Feedback/issues/550

Description We are using WebView2 to facilitate SAML logins to Azure AD. If AllowSingleSignOnUsingOSPrimaryAccount is used everything goes smoothly. However, sometimes we need to force the user to enter his credentials, which can only be accomplished by turning AllowSingleSignOnUsingOSPrimaryAccount off. This seems to disable device information from being passed to the login server, which makes it impossible to sign in if there's a device-based policy in place, even if the entered credentials are the same as the primary OS account. Login fails, listing the device as "unregistered".

Version SDK: 1.0.774.44 Runtime: 95.0.1020.53 Framework: Win32 OS: Win10

AB#37148932

akunadze avatar Nov 17 '21 19:11 akunadze

Thanks for the bug report @akunadze - I've added it to our backlog.

champnic avatar Nov 24 '21 00:11 champnic

The issue is two years old, is there any solution?

ABSlukrawie avatar Jan 03 '24 08:01 ABSlukrawie

Bump. We just ran into this issue with one customer. However, just setting this option globally might create issues with other customers. A related question: While researching this, I discovered Chrome's "CloudAPAuthEnabled" (MS doc, Chrome doc). Does this only apply to actual Chrome browsers or also to WebView2 hosted browsers (since they're based on Chrome)?

ZwergNaseXXL avatar Jan 22 '24 12:01 ZwergNaseXXL