topic iOS ExtensibleSSO invalid payload error in Endpoint Security https://community.cisco.com/t5/endpoint-security/ios-extensiblesso-invalid-payload-error/m-p/5444628#M12966 <P>Hi all,</P><P>I'm trying to use the new iOS 13.0 ExtensibleSingleSignOn payload to get Office 365 URLs in Safari to SSO with Microsoft Authenticator. It's described <A href="https://docs.microsoft.com/en-us/azure/active-directory/develop/apple-sso-plugin#enable-the-sso-extension-with-mobile-device-management-mdm" target="_blank" rel="noopener nofollow noreferrer">here</A> in the Microsoft Azure docs. </P><P>Anyway I set it all up and checked the values I had with the properties which are <A href="https://developer.apple.com/documentation/devicemanagement/extensiblesinglesignon" target="_blank" rel="noopener nofollow noreferrer">here</A> in the Apple Device Management docs.</P><P>When I target devices with the profile I get the error "The field 'Type' is invalid" in Meraki (see below)</P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.PNG" style="width: 999px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263127iA6A5AED07741901E/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P><P>The only two type fields in the SSO payload are "Select Extension Type" and "Sign-On Type": </P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.PNG" style="width: 798px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263128iE56744AA1B154CF4/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P><P>But because both fields are pre-defined within Meraki I'm not sure how they can be invalid. And as far as I know I can't download the payload XML to check, either.</P><P>I've checked by creating another Meraki payload using Kerberos, but that threw the same response.</P><P>I've also searched high and low for more information about this payload on the web but it doesn't seem to be widely adopted as far as I can tell. </P><P>Can anyone tell what I'm doing wrong?</P><P>Has anyone had experience configuring Extensible SSO with iOS devices using Meraki?</P><P>Thanks in advance</P> Sun, 17 May 2020 15:53:56 GMT DSM1 2020-05-17T15:53:56Z iOS ExtensibleSSO invalid payload error https://community.cisco.com/t5/endpoint-security/ios-extensiblesso-invalid-payload-error/m-p/5444628#M12966 <P>Hi all,</P><P>I'm trying to use the new iOS 13.0 ExtensibleSingleSignOn payload to get Office 365 URLs in Safari to SSO with Microsoft Authenticator. It's described <A href="https://docs.microsoft.com/en-us/azure/active-directory/develop/apple-sso-plugin#enable-the-sso-extension-with-mobile-device-management-mdm" target="_blank" rel="noopener nofollow noreferrer">here</A> in the Microsoft Azure docs. </P><P>Anyway I set it all up and checked the values I had with the properties which are <A href="https://developer.apple.com/documentation/devicemanagement/extensiblesinglesignon" target="_blank" rel="noopener nofollow noreferrer">here</A> in the Apple Device Management docs.</P><P>When I target devices with the profile I get the error "The field 'Type' is invalid" in Meraki (see below)</P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.PNG" style="width: 999px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263127iA6A5AED07741901E/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P><P>The only two type fields in the SSO payload are "Select Extension Type" and "Sign-On Type": </P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.PNG" style="width: 798px;"><span class="lia-inline-image-display-wrapper" image-alt="image.png"><img src="https://community.cisco.com/t5/image/serverpage/image-id/263128iE56744AA1B154CF4/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></SPAN></P><P>But because both fields are pre-defined within Meraki I'm not sure how they can be invalid. And as far as I know I can't download the payload XML to check, either.</P><P>I've checked by creating another Meraki payload using Kerberos, but that threw the same response.</P><P>I've also searched high and low for more information about this payload on the web but it doesn't seem to be widely adopted as far as I can tell. </P><P>Can anyone tell what I'm doing wrong?</P><P>Has anyone had experience configuring Extensible SSO with iOS devices using Meraki?</P><P>Thanks in advance</P> Sun, 17 May 2020 15:53:56 GMT https://community.cisco.com/t5/endpoint-security/ios-extensiblesso-invalid-payload-error/m-p/5444628#M12966 DSM1 2020-05-17T15:53:56Z Re: iOS ExtensibleSSO invalid payload error https://community.cisco.com/t5/endpoint-security/ios-extensiblesso-invalid-payload-error/m-p/5444629#M12967 I just wanted to say that this issue has fixed itself. Everything is now working as expected. Tue, 02 Jun 2020 12:13:52 GMT https://community.cisco.com/t5/endpoint-security/ios-extensiblesso-invalid-payload-error/m-p/5444629#M12967 DSM1 2020-06-02T12:13:52Z