Skip to content
Authenticating on an Intune managed device
Got a problem with Viscosity or need help? Ask here!
My company requires devices be managed by Intune and does not allow authentication with our accounts on non-managed devices. When I try to connect to the company VPN with Viscosity, the authentication fails because it doesn't see the device as managed. Authentication is performed against Microsoft Entra ID. Is there a trick to make this work?
Other apps that are able to authenticate usually open the authentication flow in the default browser instead of what Viscosity does which seems to be a WKWebView. If it matters, the same OpenVPN configuration works when using OpenVPN Connect.
macOS 15.1.1 (24B91)
Viscosity 1.11.4 (1702)
Other apps that are able to authenticate usually open the authentication flow in the default browser instead of what Viscosity does which seems to be a WKWebView. If it matters, the same OpenVPN configuration works when using OpenVPN Connect.
macOS 15.1.1 (24B91)
Viscosity 1.11.4 (1702)
Hi roanutil,
You'll likely need to ask your system administrator to set an "Associated Domain" for Viscosity. Recent versions of macOS heavily restrict what web credentials, services, and APIs (such as WenAuthn) applications can access on a per-domain basis. By setting an associated domain, that will allow Viscosity full access for that particular domain. The domain should be the domain used for web authentication. You can refer your system administrator to the following article if needed:
https://support.apple.com/en-au/guide/d ... f64513/web
Another possibility is that your VPN Provider is explicitly blocking anything that isn't a web browser (e.g. they're looking the user agent header or something similar). I'm afraid if this is the case you'll need to reach out to your VPN Provider and ask if an exception can be made.
Cheers,
James
You'll likely need to ask your system administrator to set an "Associated Domain" for Viscosity. Recent versions of macOS heavily restrict what web credentials, services, and APIs (such as WenAuthn) applications can access on a per-domain basis. By setting an associated domain, that will allow Viscosity full access for that particular domain. The domain should be the domain used for web authentication. You can refer your system administrator to the following article if needed:
https://support.apple.com/en-au/guide/d ... f64513/web
Another possibility is that your VPN Provider is explicitly blocking anything that isn't a web browser (e.g. they're looking the user agent header or something similar). I'm afraid if this is the case you'll need to reach out to your VPN Provider and ask if an exception can be made.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com
2 posts
Page 1 of 1