Authenticating on an Intune managed device


roanutil

Posts: 1
Joined: Fri Nov 22, 2024 5:59 am

Post by roanutil » Wed Dec 04, 2024 5:58 am
My company requires devices be managed by Intune and does not allow authentication with our accounts on non-managed devices. When I try to connect to the company VPN with Viscosity, the authentication fails because it doesn't see the device as managed. Authentication is performed against Microsoft Entra ID. Is there a trick to make this work?

Other apps that are able to authenticate usually open the authentication flow in the default browser instead of what Viscosity does which seems to be a WKWebView. If it matters, the same OpenVPN configuration works when using OpenVPN Connect.

macOS 15.1.1 (24B91)
Viscosity 1.11.4 (1702)

James

Posts: 2375
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Sat Dec 21, 2024 11:11 am
Hi roanutil,

You'll likely need to ask your system administrator to set an "Associated Domain" for Viscosity. Recent versions of macOS heavily restrict what web credentials, services, and APIs (such as WebAuthn) applications can access on a per-domain basis. Setting an associated domain will allow Viscosity full access for that particular domain. The domain should be the domain used for web authentication. You can refer your system administrator to the following article if needed:
https://support.apple.com/en-au/guide/d ... f64513/web

Another possibility is that your VPN Provider is explicitly blocking anything that isn't a web browser (e.g. they're looking at the user agent header or something similar). I'm afraid if this is the case you'll need to reach out to your VPN Provider and ask if an exception can be made.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Bluesky: https://bsky.app/profile/sparklabs.com