"Account Not Set Up" Error After Wrapping App

[KrinklesMontgomery]

Hello,

We are trying to 'manage' our mobile app so that users can copy and paste text from other apps managed by our organization like Outlook, Teams, etc. This is (primarily) a Flutter app, so we're using the Intune Wrapping Tool.

Wrapping our .ipa file seems to complete without any errors, but when trying to login on the wrapped app, we get an 'Account Not Set Up' error after inputting the email/password. We have tried manually loading the wrapped .ipa using Apple Configurator 2 as well as deploying the wrapped .ipa to Company Portal via Intune, but we still get the error.

Any ideas on what might be causing this? We are using the following parameters when running the wrapping tool: -ar [CFBundleURLScheme]://auth/callback -ac [client-id] -aa https://login.microsoftonline.com/[tenant-id]

Any help would be greatly appreciated!

[jamgarci-MSFT]

Do you have an app protection policy that is target the user or device? https://learn.microsoft.com/en-us/troubleshoot/mem/intune/app-protection-policies/troubleshoot-mam#error-messages-and-dialogs-on-ios

Also the -ar may need to be msauth.com.yourcompany.appName://auth instead of adding on the /callback as shown here https://learn.microsoft.com/en-us/entra/identity-platform/scenario-mobile-app-registration#interactive-authentication

[KrinklesMontgomery]

hello,

thanks for the quick response! I updated the -ar parameter so it appears like 'msauth.com.[company-name].[app-name]://auth' but unfortunately I am still getting that issue.

We also tried including the deployment environment like 'msauth.com.[company-name].[app-name].qa://auth' but that didn't seem to affect anything.

I think the app is covered by our protection policies, we can see this included in the logs in the included scopes: https://msmamservice.api.application/DeviceManagementManagedApps.ReadWrite

I did notice that a new menu popped up after updating the redirect URI, it allows us to select our MS account to log in which was not appearing before:

[KrinklesMontgomery]

Looking through some of the diagnostic logs further and around the same time, there seem to be errors relating to finding the 'Device Primary User' in the keychain and 'auto-entrollment' failures.

Could this be the cause of the 'App Not Set Up' error?

[gastaffo]

@KrinklesMontgomery Sorry for the delay. That 200 enrollment error means that the user doesn't have a MAM license. Is the user licensed?

[KrinklesMontgomery]

@KrinklesMontgomery Sorry for the delay. That 200 enrollment error means that the user doesn't have a MAM license. Is the user licensed?

No problem, I'm guessing my user doesn't have a MAM license but let me confirm that.

Is that something that would cause the error we're seeing?

[gastaffo]

Yea, A wrapped app requires policy and policy requires a license.

[gastaffo]

@KrinklesMontgomery Are you still having issues?

[gastaffo]

Closing due to inactivity. Feel free to reopen if issue persists.