What device information or headers are included in authentication when using AllowSingleSignOnUsingOSPrimaryAccount in WebView2? #5373
Unanswered
GebreegziabherGebru
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
What new information (headers or claims) is actually included in the authentication flow after setting AllowSingleSignOnUsingOSPrimaryAccount = true in a WebView2 control?
From the docs, it seems this flag only enables implicit sign-in using the OS account. But does it cause Azure AD to receive device-related metadata (e.g., device ID, compliance state) that would allow Conditional Access policies requiring device context to succeed? Or is the behavior strictly limited to silent SSO without adding device claims?
We’re trying to determine whether enabling this flag is enough to satisfy Conditional Access device-based policies, or whether additional configuration is required.
Reference docs: WebView2 Feature Flags
https://learn.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2environmentoptions.allowsinglesignonusingosprimaryaccount?view=webview2-dotnet-1.0.3351.48
Beta Was this translation helpful? Give feedback.
All reactions