This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 97%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
TL; DR: how one should modify iOS app / WkWebView inside it to send device / user identity information on an Intune-enrolled device, so that we pass SSO with conditional access policies (which require sign in from enrolled devices)?
Hey, I'm developing a mobile application (React Native) for a SaaS service. One of our features is supporting Microsoft SSO. As in, customer can define a connection to Microsoft so that during authentication process the user will be redirected to Microsoft Login page. After successful login, our backend will acquire a token from Microsoft, match Entra user with our internal user record and create an internal access token for the native client. So, iOS application doesn't interact with Microsoft APIs at all.
Everything works well up to the point, when the customer defines conditional access policies for SSO with the requirement to sign in from an Intune-enrolled device.
By that I mean the following → If we open our application on an Intune-enrolled device (enrolled using Company Portal) and try login via Microsoft SSO inside a WkWebView, Then during authentication we get the following screen:
Which suggests to me that
WkWebView instance inside our application can't provide device / user identity information of the enrolled device during authentication process.
Same time, If we open Web version of our SaaS via Safari on the same enrolled device (it's exactly the same authentication flow), Then we pass authentication i.e. device is recognized and I can see that in SSO logs.
My question is the following:
How should I modify our application to make WkWebView used for SSO, work the same way as native iOS Safari on an Intune-enrolled device, as in, pass the device information?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 63%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBD%3C/text%3E%3C/svg%3E)
Hi @Alexander Makarenko,
Hope you are doing well!
Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.
Hi @Alexander Makarenko,
Hope you are doing well!
Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
@Alexander Makarenko Thanks for posting in our Q&A.
For this issue, I'm not familiar with SSO. SSO is more related to Entra ID scope. Given this situation, I will add "Microsoft Entra ID" tag.
There are multiple products involved in this issue. It is suggested to create an online support ticket to get more help. Here is the support link:
https://learn.microsoft.com/en-us/mem/get-support
Thanks for your understanding.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hello @Alexander Makarenko,
Thank you for posting your query on Microsoft Q&A.
We understand that you're implementing Microsoft authentication in your React Native app and encountering issues with browser compatibility during redirects.
Here are some solutions to help resolve these problems.
1. Using Supported WebView
2. Using MSAL Library
Microsoft provides MSAL (Microsoft Authentication Library) specifically for handling authentication on mobile apps.
Ensure you are using the latest version of the MSAL for React Native. It’s optimized to handle Microsoft logins and supports necessary browser redirects on mobile platforms.
MSAL should handle the redirect automatically, invoking the appropriate browser if needed.
Please use the sample code for your reference
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-react
https://learn.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-react-spa-app
I hope this information is helpful. Please feel free to reach out if you have any further questions. If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".