Skip to main content

Intro

Integrating Domo with Microsoft Intune can be challenging, particularly when using Intune for mobile Single Sign-On (SSO) and policy enforcement. By default, Intune-managed devices are subject to strict authentication and security requirements that may block mobile access to Domo. This article explains how to resolve common issues when using Domo with Microsoft Intune, including failed mobile authentication and conflicts with security policies. By configuring Conditional Access, applying compliance policies, and leveraging the Enterprise SSO app extension on iOS, administrators can enable secure mobile login while maintaining organizational security requirements. Learn more about single-sign on (SSO) in Microsoft Intune .

Prerequisites

Before you begin, make sure you have the following:
  • Admin access to the Microsoft Intune Admin Center
  • The Domo mobile app installed on iOS or Android devices
  • Existing SSO configuration for Domo
  • Knowledge of your organization’s compliance and security policies

Step 1: Sign in to the Intune Admin Center

You can sign in to the Intune Admin Center by following these steps:
  1. Open a web browser and go to the Microsoft Endpoint Manager Admin Center .
  2. Sign in with your Microsoft 365 administrator credentials.
Tip: Use an account with Global Administrator or Intune Administrator permissions.

Step 2: Add or Locate the Domo App

When you have navigated to the Intune Admin Center, you can locate the Domo app by following these steps:
  1. In the left-hand navigation pane, select Apps → All apps .
  2. Check if the Domo app (iOS and/or Android) appears in the list.
If the Domo app is not listed, you can add it by following these steps:
  1. Select Add → iOS Store App or Android Store App .
  2. Search for Domo and select it.
  3. Click Add and save your changes.
Learn more about adding apps to Intune .
Note: Adding the app allows you to assign policies and configure SSO for managed devices.

Step 3: Configure Enterprise SSO App Extension (for iOS)

For iOS devices, Domo must be included in the Enterprise SSO app extension allowlist to support SSO without relying on browser prompts. This ensures that Domo can use system SSO on iOS while complying with your security requirements. To configure the Enterprise SSO app extension allowlist to support SSO without relying on browser prompts, follow these steps:
  1. Navigate to Devices → iOS/iPadOS → Configuration profiles .
  2. Create or edit a profile for Enterprise SSO App Extension .
  3. Add Domo’s bundle ID to the allowlist.
  4. Assign the profile to the appropriate user groups.
Learn how to use the Microsoft Enterprise SSO plug-in .

Step 4: Configure Conditional Access Policies

Conditional Access policies enforce security requirements while allowing Domo to authenticate on managed devices. You can configure Conditional Access policies by following these steps:
  1. In the left-hand navigation pane, select Azure Active Directory → Security → Conditional Access .
  2. Create a new policy or edit an existing one.
  3. Under Cloud apps or actions , add the Domo app .
  4. Assign the policy to the appropriate user groups.
  5. Configure conditions (e.g., compliant devices, approved client apps) as required.
  6. Click Enable Policy → On , then save.

Step 5: Apply Compliance and Security Settings

You can apply compliance and security settings by following these steps:
  1. Go to Device compliance > Policies .
  2. Create or update compliance policies for iOS and Android.
  3. Include security controls such as:
    1. Blocking jailbroken or rooted devices
    2. Requiring device encryption
    3. Enforcing strong passwords
  4. Save and assign the policies to targeted groups.
Note: Your device always enforces compliance. Intune applies the required protections while Domo securely authenticates users with Apple’s ASWebAuthenticationSession .

Step 6: Test the Configuration

You can test your configuration by following these steps:
  1. On a managed iOS or Android device, install or update the Domo app.
  2. Open the app and attempt to sign in with your SSO credentials.
  3. Confirm the following:
    1. Authentication succeeds without requiring the Intune-managed browser.
    2. Device compliance and security policies are applied as expected.

Troubleshooting

What if verification fails on mobile? Verify that the Require Intune Managed Browser option is unchecked. Confirm that Domo is listed in Conditional Access . What if compliance policies don’t get applied? Re-sync the device with Intune. Verify that compliance policies are assigned to the correct user groups.

Additional Resources

Microsoft Intune Documentation Microsoft Intune Conditional Access Overview