microsoftconnect / ms-intune-app-sdk-ios

Intune App SDK for iOS enables data protection and mobile app management features in iOS mobile apps with Microsoft Intune

Unable to login second time once I logout from MSAL iOS. #389

Open asad-mehmood-venturediv opened 11 months ago

asad-mehmood-venturediv commented 11 months ago

Describe the bug: While logging in with MSAL, after entering my email address my app opens the Microsoft Authenticator app. I select my account there, it redirects me back to my app and opens a web view. It asks for the credentials of the Microsoft account; I enter email and password and press Continue. It lands me on a page with the title "Help us keep your device secure" and a button with the title _Get the app_, even if the Authenticator app is already installed. When I click on this button it takes me to the App Store, I open the Microsoft Authenticator app from there and select my account in the Authenticator app, no redirection happens and I am stuck. I need to kill my app and log in again; now it works well and logs in without opening the web view.

To reproduce: Steps to reproduce the behavior:

  1. Create these conditional access policies on the Microsoft Entra admin portal: BNY_DEV_CondAccess.xlsx

  2. Integrate MSAL and IntuneMAMSwift in your iOS Swift project using this sample app by Microsoft: https://github.com/msintuneappsdk/wagr

  3. Log in to the app.

  4. Log out from the app.

  5. Log in again to the app.

  6. It will open the Authenticator app; select your account there.

  7. It will redirect back to the app and open the browser.

  8. Enter the same Microsoft account credentials.

  9. Click Next; it will land on the page shown in the picture above.

  10. Click the Get App button (it should not show this button because I have already installed the Microsoft Authenticator app).

  11. It will go to the App Store.

  12. Click the Open button in the App Store to open the app.

  13. Select your account in the Microsoft Authenticator app.

  14. No redirection happens; we need to kill our app to log in again.

Expected behavior: It should not show the Get App button as mentioned in step 10; instead it should open Microsoft Authenticator automatically if it is installed. (Otherwise, if it goes to the App Store and opens the app, it should redirect back to our app after doing its authentication.)

Screenshots and logs: IMG_3912 (1)

Smartphone (please complete the following information):

Intune App SDK for iOS (please complete the following information):

Additional context: Here is video for issue

https://github.com/msintuneappsdk/ms-intune-app-sdk-ios/assets/148774335/8626bfd4-c789-48af-9128-93252a2f7db0

ShruthiAchutha commented 8 months ago

Please let us know if this problem still impacts you.

asad-mehmood-vendian commented 8 months ago

Yes, we are still getting it. We went to Microsoft Support, and they asked us to remove the deregister and unenroll call on logout. But that is not an obvious solution; the SDK delegates sometimes take 5 minutes to invoke.

jdevag commented 8 months ago

Thanks @ShruthiAchutha . Assigning this to @boachim to take this up.

boachim commented 7 months ago

@asad-mehmood-vendian Thank you for providing the details. Can you please attach the MSAL logs for your app? Of course, disable PII logging. https://learn.microsoft.com/en-us/entra/identity-platform/msal-logging-ios?tabs=objc

asad-mehmood-vendian commented 6 months ago

Our team had a one-on-one session with the Microsoft support team; they said that not unenrolling and deregistering the user on logout will fix the issue. But that is not a good thing.

asad-mehmood-vendian commented 6 months ago

For now we fixed the issue this way. But this is still an issue.

byhkalo commented 5 months ago

Hello @asad-mehmood-vendian I mentioned in this ticket: https://github.com/msintuneappsdk/ms-intune-app-sdk-ios/issues/438#issuecomment-2140628394

We have exactly the same problem. We are doing unenroll and deregister, but it doesn't fix the issue.

byhkalo commented 2 weeks ago

@boachim I have logs for IntuneMAM and this case. I don't think that this is an MSAL problem, because it's happening at the remediation step.

byhkalo commented 1 week ago

Hello, I double-checked the comments. So, the suggestion from the Microsoft team is:

"Do not call unenroll and deregister on log out"

In this case, when should we call unenroll and deregister?

Also, based on the comment from IntuneEnrollManager:

```objc
 *  @note In the case where an un-enroll is initiated, this method will block
 *  until the MAM token is acquired, then return.  This method must be called before
 *  the user is removed from the application (so that required AAD tokens are not purged
 *  before this method is called).
 */
- (void)deRegisterAndUnenrollAccountId:(NSString *_Nonnull)accountId withWipe:(BOOL)doWipe;
```

So does it mean that we should not log out from MSAL either? Because in this case we could not log out from MAM if we have already logged out from MSAL. Am I right?

Please, can you describe what should be the logic of account authentication and account switching in this case?
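The header comment quoted above fixes an ordering constraint: the deregister/unenroll call needs the AAD tokens that MSAL still caches, so it has to run before the MSAL account is removed, and the SDK reports its result asynchronously through the enrollment delegate. The sign-out helper below is an added example written for this thread, not code from the issue, the wagr sample or the Intune SDK itself. It takes the selector `deRegisterAndUnenrollAccountId:withWipe:` from the quoted header; the Swift import names `IntuneMAMEnrollmentManager.instance()`, `IntuneMAMEnrollmentDelegate.unenrollRequest(with:)`, the `didSucceed`/`error` properties of `IntuneMAMEnrollmentStatus`, `MSALPublicClientApplication.remove(_:)`, and the mapping from `MSALAccount.identifier` to the SDK's `accountId` are assumptions, as is the `SignOutCoordinator` name.

```swift
import Foundation
import MSAL
import IntuneMAMSwift

/// Added example (not from the thread or the SDK): a sign-out sequence that honours
/// the ordering the quoted IntuneMAMEnrollmentManager note requires.
///   1. Deregister + unenroll FIRST, while MSAL still holds the AAD tokens the SDK needs.
///   2. Wait for the SDK's unenroll delegate callback (it can be slow, as the thread notes).
///   3. Only then remove the MSAL account, which purges the cached tokens.
/// Assumed API names (see lead-in): instance(), deRegisterAndUnenrollAccountId(_:withWipe:),
/// unenrollRequest(with:), IntuneMAMEnrollmentStatus.didSucceed / .error, MSALPublicClientApplication.remove(_:).
final class SignOutCoordinator: NSObject, IntuneMAMEnrollmentDelegate {
    private let msalApp: MSALPublicClientApplication
    // The sign-out that is in flight; cleared once the SDK reports back.
    private var pending: (account: MSALAccount, completion: (Error?) -> Void)?

    init(msalApp: MSALPublicClientApplication) {
        self.msalApp = msalApp
        super.init()
        // Assumption: the enrollment manager exposes a settable delegate, as in the SDK docs.
        IntuneMAMEnrollmentManager.instance().delegate = self
    }

    /// Step 1: kick off deregister/unenroll. The MSAL account is deliberately NOT removed
    /// here; doing so first would purge the tokens the SDK needs to complete the unenroll.
    func signOut(account: MSALAccount, wipe: Bool, completion: @escaping (Error?) -> Void) {
        guard pending == nil else {
            completion(NSError(domain: "SignOutCoordinator", code: 1,
                               userInfo: [NSLocalizedDescriptionKey: "sign-out already in progress"]))
            return
        }
        // Hypothetical mapping: the thread does not say which MSAL identifier the SDK's accountId expects.
        let accountId = account.identifier ?? account.username ?? ""
        pending = (account, completion)
        IntuneMAMEnrollmentManager.instance().deRegisterAndUnenrollAccountId(accountId, withWipe: wipe)
    }

    /// Step 2/3: the SDK has finished (success or failure). Tokens are still intact at this
    /// point, so a failure can be retried; on success the MSAL account is removed last.
    func unenrollRequest(with status: IntuneMAMEnrollmentStatus) {
        guard let job = pending else { return }
        pending = nil
        if !status.didSucceed {
            job.completion(status.error)
            return
        }
        do {
            try msalApp.remove(job.account)   // purges the cached AAD tokens for this account
            job.completion(nil)
        } catch {
            job.completion(error)
        }
    }
}
```

The important design point is that nothing touches MSAL state until the delegate fires: if `remove(_:)` ran first, the unenroll call would find no tokens, which is exactly the situation the header note warns about. How the enrollment call fits with the support team's advice to skip it on log-out is the open question of this issue and is not answered by the example.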