Solving the problem of the MyApps mobile app on iOS & Android not authenticating successfully

Today I want to bring some light into the darkness and write down what is not written down as of today. I guess most of you know the MyApps portal, which also feeds the Office 365 app launcher with enterprise applications. You can browse to that app panel directly via https://myapps.microsoft.com and it is a very useful service, which should be used in every cloud environment as it provides SSO to apps without the need to remember credentials for those apps, like the corporate Twitter account or the corporate Amazon account. And the cool thing about this is that there is also a mobile app available on iOS and Android. But there seems to be hidden information, which is very important in my opinion, but is documented nowhere.

We wanted to play around with the MyApps portal, so we added some applications through Azure AD and did some testing on group-based assignments to those apps, which worked perfectly fine in the browser. But there was this annoying problem that none of this was working on our iPhones and Androids via the MyApps mobile app. So I dug deeper into the Azure AD portal to see if there was some setting missing - nothing. I dug deeper into the ADFS to see if there might be some setting missing - no success. At that point we only used 1 ADFS server and no WAP.

At the same time we deployed a test/dev environment which was kind of similar to our production environment. When I did the same tests with the MyApps app there, it worked out perfectly fine on my iPhone. So I thought about the differences between those two environments - and there was only one thing different: in the test environment we had a WAP in place for handling external authentication requests to the ADFS.

So I decided to deploy a WAP in our production environment as well - et voila - suddenly the MyApps mobile app worked like a charm here as well. So, in conclusion, it seems that the MyApps mobile app needs a WAP in place in order to authenticate successfully against the ADFS service. If this had been documented somewhere, I could have saved some time worrying about this annoying problem, but I hope that this helps some of you out there overcome this issue…