|

Enable Azure SSO for Chrome Using Intune: Step-by-Step Guide 2026

Set up single sign-on in Google Chrome with Microsoft Intune. This step-by-step guide covers the key policy. It lets Entra ID users log in to sites with work credentials.

Why Use This Setup

Users on Entra ID-joined devices get passwordless logins in Chrome. Works on Chrome 111+ without extensions. Improves security and user experience.

Requirements

  • Devices Entra ID joined, hybrid joined, or registered.
  • Enrolled in Intune.
  • Chrome version 111 or higher.

Step 1: Import Chrome ADMX Templates

  1. Log in to Microsoft Intune admin center at https://intune.microsoft.com.
  2. Go to Devices > Configuration profiles > Settings catalog.
  3. Download Chrome ADMX/ADML files here:
  4. Extract and import ADMX/ADML files into Intune Settings Catalog.

Step 2: Create Configuration Profile

  1. Go to Devices > Configuration > Create profile.
  2. Select Platform: Windows 10 and later.
  3. Choose Profile type: Templates > Administrative templates.
  4. Enter name: “Chrome SSO Policy”. Add description.
  5. Click Create.

Step 3: Configure Key Policy

  1. In Configuration settings, search “Allow automatic sign-in to Microsoft cloud identity providers”.
  2. Click the policy to configure.
  3. Set to Enabled.
  4. Select Enable Microsoft cloud authentication option.
  5. This sets CloudAPAuthEnabled to 1 – the critical step.

Step 4: Assign and Deploy

  1. Go to Assignments tab.
  2. Assign to user or device groups.
  3. Add exclusions if needed.
  4. Review settings and click Create.
    Policy syncs in minutes.

Step 5: Verify Setup

  1. On target device, open Chrome.
  2. Type chrome://policy/ in address bar.
  3. Confirm CloudAPAuthEnabled shows value 1.
  4. Test on office.com or teams.microsoft.com. No prompts.

Troubleshooting

  • Policy missing? Force device sync in Intune: Devices > Check status > Sync.
  • Prompts persist? Verify join type: dsregcmd /status.
  • Always check CloudAPAuthEnabled first – it’s the common miss.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *