Hi Tim
Thanks for coming back.
The SSO and Extensible SSO settings are found in the iOS policy:
https://www.ibm.com/docs/en/maas360?topic=device-single-sign
https://www.ibm.com/docs/en/maas360?topic=device-extensible-single-sign
In order to support the configuration with your use case there is an additional layer of configuration you need:
Our colleague Margaret Radford and other colleagues have put a number of blogs on this Community regarding this integration; you can start here:
https://community.ibm.com/community/user/security/blogs/margaret-radford/2021/09/09/migrating-from-on-premise-ad-to-azure-ad-with-ibm
https://community.ibm.com/community/user/security/discussion/maas360-integrates-with-azure-ad
Best
------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------
Original Message:
Sent: Mon February 20, 2023 04:54 AM
From: Eamonn O'Mahony
Subject: Extensible SSO Payloads Seem to Prevent Policy Deployment to iPads
Hi Tim
SSO integration with MaaS360 is done via IBM Verify.
You switch on the service in the Services page (Setup / Services), then you configure your Verify tenant to integrate with MaaS360 for your SSO Identity Provider (IdP).
Please see documentation:
https://www.ibm.com/docs/en/maas360?topic=integrations-security-verify-integration-maas360
https://www.securitylearningacademy.com/course/view.php?id=3462
------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
Original Message:
Sent: Wed February 15, 2023 12:16 PM
From: Tim McCullough
Subject: Extensible SSO Payloads Seem to Prevent Policy Deployment to iPads
I have been trying to test and eventually implement Extensible SSO (ESSO) on our iPads. However, when this payload is added to the security policy, the policy no longer installs to the device(s). Any other policy without the ESSO payload installs to the same device(s) without issue.
I also tested the same ESSO settings using an Intune MDM, and was successful installing and using the configuration.
After some communications with support, a change was made on the back-end that allowed me to successfully install the policy in question, but only after wiping the device. I then could not update the policy without wiping the device again which rendered the solution unusable long-term in production. This solution also proved to be short-lived as I now don't seem to get the unmodified policy to install again after additional testing.
I am interested in hearing from anyone who has successfully implemented the Extensible Payload in MaaS, or who has some additional thoughts or insights regarding this situation.
Thank you!
------------------------------
Tim
------------------------------