Connor Fitzsimons edited this page Jun 7, 2019 · 15 revisions

Overview

The Android Broker (Microsoft Authenticator or Intune Company Portal) helps achieve SSO for Workplace Joined users.

After a device is joined and has obtained a certificate from device enrollment, the user's account is created inside the Broker application. Apps using ADAL then have the option to use that account inside the Broker for SSO and to acquire tokens.

Apps do need to register a special redirect URI in the Azure portal to take advantage of the Broker.

How to install

You can install either of the following Broker applications:

Microsoft Authenticator

Intune Company Portal

How to enable

  1. Update AndroidManifest.xml file in your project to specify permissions for AccountManager.

      <uses-permission android:name="android.permission.INTERNET" />
      <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
      <uses-permission android:name="android.permission.GET_ACCOUNTS" />
      <uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
      <uses-permission android:name="android.permission.USE_CREDENTIALS" />

    Bear in mind that GET_ACCOUNTS has protection level "dangerous", so it must also be requested as a run-time permission.

  2. Set the Broker package name and signature.

    AuthenticationSettings.INSTANCE.setBrokerSignature(BROKER_SIGNATURE);
    AuthenticationSettings.INSTANCE.setBrokerPackageName(BROKER_PACKAGE_NAME);
    AuthenticationSettings.INSTANCE.setUseBroker(true);
  3. Add the correct Redirect URI to your app

    1. Find your app in the Azure portal. Azure AD apps are inside the App Registrations tab.
    2. Open your app, click Settings, Redirect URIs, and add a new Redirect URI in the following format: msauth://packagename/Base64UrlencodedSignature.
    3. To help compose the Redirect URI above, you can use
  4. Extra settings if you need fine grained control

    • Your app can skip the Broker (only for scenarios where you deliberately bypass the Broker and accept losing SSO)

      AuthenticationSettings.INSTANCE.setSkipBroker(true);
    • Get the current user's account

      AuthenticationContext mContext = new AuthenticationContext(...);

      // Returns the user account currently signed into the Broker
      String curUser = mContext.getBrokerUser();
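The following is an added example, not code from the ADAL wiki or library: it derives the signing-certificate hash that steps 2 and 3 rely on and composes the msauth:// redirect URI from it. The class and method names are chosen here, and "Base64UrlencodedSignature" is read as the standard Base64 SHA-1 hash of the signing certificate, percent-encoded so that it survives inside a URI.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import android.util.Base64;
import java.net.URLEncoder;
import java.security.MessageDigest;

// Added example (not part of ADAL): signature hash and msauth:// redirect URI helpers.
public final class BrokerRedirectUri {

    // SHA-1 of a package's signing certificate, standard Base64 without line wrap.
    // The same value is what setBrokerSignature expects for the Broker package.
    public static String signatureHash(Context ctx, String packageName) throws Exception {
        PackageManager pm = ctx.getPackageManager();
        Signature[] sigs;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            PackageInfo info = pm.getPackageInfo(packageName, PackageManager.GET_SIGNING_CERTIFICATES);
            sigs = info.signingInfo.getApkContentsSigners();
        } else {
            PackageInfo info = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES);
            sigs = info.signatures;
        }
        if (sigs == null || sigs.length != 1) {
            throw new IllegalStateException("expected exactly one signer for " + packageName);
        }
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(sigs[0].toByteArray());
        return Base64.encodeToString(digest, Base64.NO_WRAP);
    }

    // msauth://<package>/<hash>; the Base64 hash is percent-encoded so '+', '/' and '='
    // are not misread as URI structure (assumed reading of Base64UrlencodedSignature).
    public static String redirectUri(String packageName, String base64Hash) throws Exception {
        return "msauth://" + packageName + "/" + URLEncoder.encode(base64Hash, "UTF-8");
    }

    // The URI to register in the Azure portal. A debug-keystore build and the release
    // build have different signers and therefore different redirect URIs.
    public static String forThisApp(Context ctx) throws Exception {
        String pkg = ctx.getPackageName();
        return redirectUri(pkg, signatureHash(ctx, pkg));
    }

    // Before setUseBroker(true): check that the installed Broker package is signed by the
    // expected certificate, so tokens are never handed to a look-alike package.
    public static boolean brokerSignerMatches(Context ctx, String brokerPkg, String expected) throws Exception {
        return MessageDigest.isEqual(signatureHash(ctx, brokerPkg).getBytes("UTF-8"), expected.getBytes("UTF-8"));
    }
}
```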