Web SSO for Chrome with Workspace ONE

Prerequisites

  • Workspace ONE Identity Manager
  • Workspace ONE UEM Console
  • A Certificate Authority configured within Workspace ONE UEM to issue user certificates

macOS – Chrome

To have Chrome pick the user certificate automatically (instead of prompting the user) when it is redirected to the CAS URL, configure the AutoSelectCertificateForUrls policy. This can be pushed from UEM with the Custom XML below.

Points to change:

  • pattern: the CAS URL for your Identity Manager tenant. In this example it's https://cas.vidmpreview.com/. Keep the pattern as narrow as the CAS host: any site matching it receives the certificate without a prompt.
  • filter: the ISSUER CN should be the issuer name of your CA, something like "Company Issuing CA" (the example below uses your-domain-AD01-CA). Chrome compares it with the issuer field of the certificates in the keychain, so copy the CN exactly as the CA writes it.

Leave everything else at the default.

<dict>
    <key>AutoSelectCertificateForUrls</key>
    <array>
        <string>{"pattern":"https://cas.vidmpreview.com/","filter":{"ISSUER":{"CN":"your-domain-AD01-CA"}}}</string>
    </array>
    <key>PayloadDisplayName</key>
    <string>Google Chrome Settings</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>com.google.Chrome.4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
    <key>PayloadType</key>
    <string>com.google.Chrome</string>
    <key>PayloadUUID</key>
    <string>4F720473-6832-4CE0-A895-E9C3FC6F8CBD</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>

Note that the policy value is a JSON string inside the plist, so curly quotes pasted from a document break it silently: Chrome then ignores the rule and keeps prompting. Check chrome://policy on a test Mac after the profile lands; a malformed value shows up there as an error.
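To build this payload from the two values above and catch the usual paste mistakes before pushing it, here is an added Python example. It is not from the original post and not a Workspace ONE or Google tool; the CAS URL and issuer CN are the ones used in the profile above, the PayloadUUID is an assumed constant, and the lint rules encode Chrome's documented semantics for AutoSelectCertificateForUrls (each entry is a JSON object with a URL pattern and a certificate filter; an empty filter {} tells Chrome to send any matching client certificate to the site without prompting).

```python
"""Generate and lint a Workspace ONE UEM custom-settings payload for Chrome's
AutoSelectCertificateForUrls policy. Added example, not from the original post."""
import json
import plistlib
import uuid

# Values from the profile above; replace with your tenant's CAS URL and CA name.
CAS_URL = "https://cas.vidmpreview.com/"
ISSUER_CN = "your-domain-AD01-CA"
# Assumed constant so the output matches the profile above; uuid4() in practice.
PAYLOAD_UUID = "4F720473-6832-4CE0-A895-E9C3FC6F8CBD"


def auto_select_rule(pattern: str, issuer_cn: str) -> str:
    """One policy entry: a JSON string carrying the URL pattern and a filter
    keyed on the issuing CA's CN. json.dumps guarantees straight quotes."""
    return json.dumps({"pattern": pattern, "filter": {"ISSUER": {"CN": issuer_cn}}})


def chrome_payload(rules, payload_uuid=None) -> dict:
    """The com.google.Chrome payload dict that UEM expects in a Custom XML profile."""
    payload_uuid = payload_uuid or str(uuid.uuid4()).upper()
    return {
        "AutoSelectCertificateForUrls": list(rules),
        "PayloadDisplayName": "Google Chrome Settings",
        "PayloadEnabled": True,
        "PayloadIdentifier": f"com.google.Chrome.{payload_uuid}",
        "PayloadType": "com.google.Chrome",
        "PayloadUUID": payload_uuid,
        "PayloadVersion": 1,
    }


def lint_rules(payload: dict) -> list:
    """Return the problems found in the policy value (empty list means clean).
    Each entry must be valid JSON, target an https origin, avoid host wildcards
    and carry a filter that names a CN: an empty filter auto-sends any client
    certificate to every page matching the pattern."""
    problems = []
    for i, raw in enumerate(payload.get("AutoSelectCertificateForUrls", [])):
        try:
            rule = json.loads(raw)
        except json.JSONDecodeError as exc:
            problems.append(f"rule {i}: not valid JSON ({exc.msg}); check for curly quotes")
            continue
        pattern = rule.get("pattern", "")
        if not pattern.startswith("https://"):
            problems.append(f"rule {i}: pattern must be an https URL, got {pattern!r}")
        host = pattern[len("https://"):].split("/", 1)[0]
        if "*" in host:
            problems.append(f"rule {i}: wildcard host {host!r} is broader than the CAS endpoint")
        flt = rule.get("filter")
        if not flt:
            problems.append(f"rule {i}: empty filter auto-sends any client certificate")
        elif not (flt.get("ISSUER", {}).get("CN") or flt.get("SUBJECT", {}).get("CN")):
            problems.append(f"rule {i}: filter names neither ISSUER.CN nor SUBJECT.CN")
    return problems


def to_custom_xml(payload: dict) -> str:
    """Serialise the payload as the <dict>...</dict> fragment pasted into UEM,
    dropping the <?xml ...> and <plist> wrapper plistlib adds."""
    full = plistlib.dumps(payload, fmt=plistlib.FMT_XML).decode()
    start = full.index("<dict>")
    end = full.rindex("</dict>") + len("</dict>")
    return full[start:end]


if __name__ == "__main__":
    payload = chrome_payload([auto_select_rule(CAS_URL, ISSUER_CN)], PAYLOAD_UUID)
    for problem in lint_rules(payload):
        print("LINT:", problem)
    print(to_custom_xml(payload))
```

Run it and paste the printed fragment into the Custom Settings payload; the linter is the part worth keeping, because a curly quote, an http:// pattern or a wildcard host all pass through UEM without complaint and only surface as a non-working rule in chrome://policy.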

Extra! Windows 10 – Chrome

Details provided by the legendary Charlie Hodge on the EUCSE blog: https://blog.eucse.com/windows-10-true-sso-using-chrome/

Further Resources

WorkspaceONE UEM Integration with Microsoft ADCS via DCOM

Chrome troubleshooting: chrome://policy

Identity Manager – Activity Reports


2 Replies to “Web SSO for Chrome with Workspace ONE”

    1. Hi Ben. The way this works is whenever a service is integrated with Workspace ONE Access as its IDP or 3rd party IDP, for SSO it will go to a certificate server (the CAS URL). If we then present the certificate to the CAS URL automatically, it will sign you in seamlessly.

      This would work if you have a service which uses a certificate to authenticate that's installed on your devices; you can just put yourdomain.com in and it will work.
