Eptura Engage and Microsoft Edge authentication
If your organization uses Microsoft Intune to authenticate single sign-on (SSO) via Microsoft Edge when launching the Eptura Engage mobile app, ensure the Eptura Engage mobile app is added to the targeted apps list and that Microsoft Edge is an approved browser for mobile application management (MAM) and is an approved client. If not, users might see 'Action not allowed' when signing in.
A mobile application management (MAM) policy must also be assigned to the user who is signing in; if not, the user might see the 'Authorization required' message and be prevented from signing in.
Add the Eptura Engage mobile app to Targeted apps
From the Intune Admin Centre, navigate to Apps > App protection policies > Targeted apps, and add the Eptura Engage mobile app if it is not already listed.
Configure Edge as an approved browser for MAM
From your Azure Portal, navigate to Entra ID > Enterprise Applications > [Eptura Engage app] > Conditional Access and check:
- The policy allows browser access via Edge for mobile platforms.
- Edge is marked as a compliant browser or as an approved app under the 'Cloud apps or actions' condition.
Configure Edge as an approved client
If you’re using Conditional Access > Require approved client app or Require app protection policy, Microsoft Edge must be recognized as an approved client.
- In your Conditional Access policy, ensure Microsoft Edge is included under the 'Client apps' filter.
Assign MAM policy to user group
From the Intune Admin Centre, navigate to Apps > App protection policies, and ensure:
- A MAM policy (iOS and/or Android, as appropriate) is assigned to the same user group for Eptura Engage and Microsoft Edge.
- The MAM policy applies to both Eptura Engage and Microsoft Edge.
Make sure the MAM policy supports the platform:
- For Android users, the policy must apply to 'Android device administrator' or 'Android Enterprise' (depending on your configuration).
- For iOS users, confirm the app identifiers (bundle IDs) match the Eptura Engage app.
If your users are using personal devices (non-enrolled), make sure MAM without enrollment is enabled:
- From the Intune Admin Centre, navigate to Tenant Administration > Intune App Protection > App Management Settings > MAM for unenrolled devices = Enabled.
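The assignment checks above can also be run offline against exported policies. The following is an added example, not Eptura or Microsoft code: it assumes the policies were exported in the Microsoft Graph managed app protection shape with apps and assignments expanded, and the Eptura Engage identifiers and group IDs are placeholders because this page does not list them.

```python
# Added example: offline audit of exported app protection (MAM) policies.
# Assumed input shape: Microsoft Graph managed app protection objects with
# "apps" and "assignments" expanded.
EDGE = {"ios": "com.microsoft.msedge", "android": "com.microsoft.emmx"}
# PLACEHOLDER IDs: the page does not give the Eptura Engage identifiers.
ENGAGE = {"ios": "com.example.engage.ios", "android": "com.example.engage.android"}
GROUP_TARGET = "#microsoft.graph.groupAssignmentTarget"

def app_ids(policy):
    """Bundle IDs (iOS) or package IDs (Android) the policy targets."""
    idents = (a.get("mobileAppIdentifier", {}) for a in policy.get("apps", []))
    return {i.get("bundleId") or i.get("packageId") for i in idents} - {None}

def group_ids(policy):
    """Group IDs the policy is assigned to (include targets only)."""
    targets = (a.get("target", {}) for a in policy.get("assignments", []))
    return {t.get("groupId") for t in targets if t.get("@odata.type") == GROUP_TARGET}

def audit(policies, platform, user_groups):
    """Return findings for one user; an empty list means both apps are covered."""
    required = {EDGE[platform], ENGAGE[platform]}
    covered = set()
    for policy in policies:
        if group_ids(policy) & set(user_groups):  # policy reaches this user
            covered |= app_ids(policy) & required
    return [f"{platform}: no assigned MAM policy targets {app}"
            for app in sorted(required - covered)]

def _policy(app_key, ids, groups):
    """Build a constructed sample policy (not real tenant data)."""
    return {
        "apps": [{"mobileAppIdentifier": {app_key: i}} for i in ids],
        "assignments": [{"target": {"@odata.type": GROUP_TARGET, "groupId": g}}
                        for g in groups],
    }

# Constructed samples: the iOS policy targets both apps, the Android one only Edge.
SAMPLE_IOS = [_policy("bundleId", [EDGE["ios"], ENGAGE["ios"]], ["grp-mobile"])]
SAMPLE_ANDROID = [_policy("packageId", [EDGE["android"]], ["grp-mobile"])]

if __name__ == "__main__":
    print(audit(SAMPLE_IOS, "ios", ["grp-mobile"]))
    print(audit(SAMPLE_ANDROID, "android", ["grp-mobile"]))
```

A finding for either app means a user in that group is missing the MAM policy coverage described above for that platform.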
Good to know
- After a policy refresh, always restart Microsoft Edge and Eptura Engage. Users must sign out and log back in to Eptura Engage via Microsoft Edge.
- Ensure users are signed in to Microsoft Edge using the same AAD account as used for Eptura Engage.
- Optionally, a sync can be forced via the Intune Admin Centre > Company Portal > Settings > Sync.