microsoftconnect / intune-app-wrapping-tool-ios

This is the software for the Intune App Wrapping Tool for iOS.
55 stars 12 forks source link

"Account Not Set Up" Error After Wrapping App #105

Closed KrinklesMontgomery closed 11 months ago

KrinklesMontgomery commented 1 year ago

Hello,

We are trying to 'manage' our mobile app so that users can copy and paste text from other apps managed by our organization like Outlook, Teams, etc. This is (primarily) a Flutter app, so we're using the Intune Wrapping Tool.

Wrapping our .ipa file seems to complete without any errors, but when trying to login on the wrapped app, we get an 'Account Not Set Up' error after inputting the email/password. We have tried manually loading the wrapped .ipa using Apple Configurator 2 as well as deploying the wrapped .ipa to Company Portal via Intune, but we still get the error.

Any ideas on what might be causing this? We are using the following parameters when running the wrapping tool: -ar [CFBundleURLScheme]://auth/callback -ac [client-id] -aa https://login.microsoftonline.com/[tenant-id]

Any help would be greatly appreciated!

Screenshot 2023-10-31 at 11 19 36

IMG_8338

jamgarci-MSFT commented 1 year ago

Do you have an app protection policy that is target the user or device? https://learn.microsoft.com/en-us/troubleshoot/mem/intune/app-protection-policies/troubleshoot-mam#error-messages-and-dialogs-on-ios

Also the -ar may need to be msauth.com.yourcompany.appName://auth instead of adding on the /callback as shown here https://learn.microsoft.com/en-us/entra/identity-platform/scenario-mobile-app-registration#interactive-authentication

KrinklesMontgomery commented 1 year ago

hello,

thanks for the quick response! I updated the -ar parameter so it appears like 'msauth.com.[company-name].[app-name]://auth' but unfortunately I am still getting that issue.

We also tried including the deployment environment like 'msauth.com.[company-name].[app-name].qa://auth' but that didn't seem to affect anything.

I think the app is covered by our protection policies, we can see this included in the logs in the included scopes: https://msmamservice.api.application/DeviceManagementManagedApps.ReadWrite

I did notice that a new menu popped up after updating the redirect URI, it allows us to select our MS account to log in which was not appearing before: IMG_9335

KrinklesMontgomery commented 1 year ago

Looking through some of the diagnostic logs further and around the same time, there seem to be errors relating to finding the 'Device Primary User' in the keychain and 'auto-entrollment' failures.

Could this be the cause of the 'App Not Set Up' error?

Screenshot 2023-11-07 at 14 22 18

gastaffo commented 1 year ago

@KrinklesMontgomery Sorry for the delay. That 200 enrollment error means that the user doesn't have a MAM license. Is the user licensed?

KrinklesMontgomery commented 1 year ago

@KrinklesMontgomery Sorry for the delay. That 200 enrollment error means that the user doesn't have a MAM license. Is the user licensed?

No problem, I'm guessing my user doesn't have a MAM license but let me confirm that.

Is that something that would cause the error we're seeing?

gastaffo commented 1 year ago

Yea, A wrapped app requires policy and policy requires a license.

gastaffo commented 11 months ago

@KrinklesMontgomery Are you still having issues?

gastaffo commented 11 months ago

Closing due to inactivity. Feel free to reopen if issue persists.