I have an app that includes the "Microsoft Intune App SDK". The app does not use MSAL for authentication and requires the user to authenticate using an SSO/OAuth login.
Some customers have conditional access policies defined that require the SSO authentication to be performed using the MS Edge browser. We use a WKWebView to host the authentication screens. The authentication fails because the access policy reports the browser as Safari.
I have tried to launch the MS Edge browser externally to the app using the MS Edge URL scheme, like:

```swift
// Hand the authorization request to Edge via its Intune MAM URL scheme
if let url = URL(string: "microsoft-edge-https-intunemam://oauthurl?client_id=12234&redirect_uri=myapp://callback") {
    UIApplication.shared.open(url)
}
```
This launches the Edge browser and I can complete the authentication. However, the callback to myapp is blocked by Intune.
I receive the message: "Action Not Allowed. Your organization does not allow you to open this data here."
How can I allow the app to receive the callback?
I can handle the UIApplication open method in an app without Intune and extract the tokens returned from the Edge browser session, but I cannot find a way to accomplish this with an Intune-enabled app.
I have tried various combinations of application protection policies but cannot find a way to enable my app to accept the callback.
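The callback handling mentioned in the question (receiving the `myapp://callback` redirect in the app), as an added example that is not the poster's code and does not address the Intune policy block itself. It assumes an authorization-code flow with a `state` parameter stored before the hand-off to the browser; `pendingState` and `authorizationCode(from:)` are hypothetical names.

```swift
import UIKit

// Added example: validate and consume the myapp://callback redirect once the
// external browser session returns control to the app.
final class AppDelegate: UIResponder, UIApplicationDelegate {
    // Random value generated with the authorization request and stored before
    // opening the browser (assumption; a real app would persist it securely).
    static var pendingState: String?

    func application(_ app: UIApplication, open url: URL,
                     options: [UIApplication.OpenURLOptionsKey: Any] = [:]) -> Bool {
        guard let code = Self.authorizationCode(from: url) else { return false }
        // Exchange `code` for tokens with a direct HTTPS request to the token
        // endpoint; tokens never travel through the custom URL scheme.
        print("authorization code received: \(code.prefix(8))...")
        return true
    }

    /// Returns the authorization code only when the URL is the expected redirect
    /// and carries the `state` issued for this login attempt.
    static func authorizationCode(from url: URL) -> String? {
        guard let parts = URLComponents(url: url, resolvingAgainstBaseURL: false),
              parts.scheme?.lowercased() == "myapp",
              parts.host?.lowercased() == "callback",
              let items = parts.queryItems else { return nil }
        let pairs = items.compactMap { item in item.value.map { (item.name, $0) } }
        let values = Dictionary(pairs, uniquingKeysWith: { first, _ in first })
        // Reject callbacks that do not match the pending login (CSRF / replay).
        guard let expected = pendingState, let state = values["state"],
              state == expected else { return nil }
        pendingState = nil  // one-time use
        if let error = values["error"] {
            print("login failed: \(error)")
            return nil
        }
        return values["code"]
    }
}
```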