SSO issues

A potential workaround is to install the Microsoft Single Sign-On extension in Chrome, visit SharePoint, click the account you wish to log in with, close the browser, and then try visiting SharePoint directly. The extension is listed as Microsoft Single Sign-On.

When the user tries to log in using Chrome, they are prompted to sign in, and SSO does not work as expected. However, if the user allows themselves to be redirected to the custom homepage set by local admins, Okta completes the SSO process and allows them to sign in.

We validated that our organization's devices are Hybrid Entra Joined, and that the Primary Refresh Token (PRT) issued to them is what provides the SSO experience on Microsoft applications. We also confirmed that Chrome, out of the box, does not support SSO or device-based claims for Microsoft applications.
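One way to repeat that validation on a device is to parse the output of `dsregcmd /status`. This is an added example, not part of the original page; the function names `ConvertFrom-DsregStatus` and `Test-HybridSsoReady` are hypothetical, and the sample output is constructed so the script runs offline.

```powershell
# Parse the "Key : Value" lines that dsregcmd /status prints into a hashtable.
# Section banners such as "| Device State |" do not match and are skipped.
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

# Hybrid Entra joined means joined to both Entra ID and on-premises AD.
# SSO additionally needs a PRT in the signed-in user's session.
function Test-HybridSsoReady {
    param([Parameter(Mandatory)][hashtable]$State)
    $hybrid = ($State['AzureAdJoined'] -eq 'YES') -and ($State['DomainJoined'] -eq 'YES')
    $prt    = ($State['AzureAdPrt'] -eq 'YES')
    [pscustomobject]@{
        HybridJoined = $hybrid
        HasPrt       = $prt
        SsoReady     = $hybrid -and $prt
    }
}

# Constructed sample output (not captured from a real device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : EXAMPLE
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
'@ -split '\r?\n'

# On a real device, replace $sample with:  $lines = dsregcmd /status
Test-HybridSsoReady -State (ConvertFrom-DsregStatus -Lines $sample)
```

Run it in the signed-in user's session, since the PRT state is reported per user. A device that reports `SsoReady` as true but still prompts in Chrome points at the browser rather than the device registration.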

To enable Chrome to support SSO or device-based claims needed for Conditional Access, the Microsoft Single Sign-On extension needs to be installed. You can review the following articles for more details:

  • Conditions in Conditional Access policy - Microsoft Entra ID | Microsoft Learn

  • Primary Refresh Token (PRT) and Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn

We tested this, and after installing the Microsoft Single Sign-On extension, we found that the user was able to log in to SharePoint without being prompted to sign in.
