How to Configure MDM (Intune) and Auto-Login with Microsoft Enterprise SSO

This guide explains how Hellotracks integrates with Microsoft Enterprise SSO when deployed via MDM (Intune) on iOS/iPadOS devices, and how auto-login works in the Hellotracks mobile app.


In this guide:

  1. Set Up Microsoft Enterprise SSO in Intune
  2. Copy your Microsoft Entra tenant ID
  3. Add Hellotracks as an iOS App in Intune
  4. Create an App Configuration policy for Hellotracks

  1. Set Up Microsoft Enterprise SSO in Intune

Before configuring Hellotracks, make sure Microsoft Enterprise SSO is enabled for iOS/iPadOS devices in Microsoft Intune.

  • The Microsoft Enterprise SSO plug-in must be installed
  • Microsoft Authenticator must be available on managed devices

For detailed instructions, refer to Microsoft’s official guide:

https://learn.microsoft.com/en-us/intune/intune-service/configuration/use-enterprise-sso-plug-in-ios-ipados-with-intune

  1. Copy your Microsoft Entra tenant ID

Step 1: Go to the Microsoft Entra admin center.

Step 2: Navigate to Entra ID, then Overview.

Step 3: Copy the Tenant ID.

You’ll use this value in the Intune app configuration.

  1. Add Hellotracks as an iOS App in Intune

This is required before creating the App Configuration policy.

Step 1: In Intune, go to Apps and select iOS/iPadOS.

Step 2: Click +Create.

Step 3: Choose iOS store app and Select.

Step 4: In Search the App Store, find Hellotracks.

Step 5: Select the app and click Next.

Step 6: In Assignments, assign it to the appropriate user group(s) or device group(s).

Step 7: Click Next, then Create.

  1. Create an App Configuration policy for Hellotracks

Step 1: In Intune, go to Apps and select Configuration.

Step 2: Click +Create, then Managed devices.

Step 3: In Basics, set:

  • Name: Hellotracks - Enterprise SSO
  • Platform: iOS/iPadOS

Step 4: In Targeted app, select Hellotracks and click Next.

Step 5: Select Use configuration designer.

Step 6: Add an entry:

  • Configuration key: entra_tenant_id                 
  • Value type: String
  • Configuration value: (paste your Microsoft Entra tenant ID)

This is the only required MDM configuration for enabling Enterprise SSO with Hellotracks.

Step 7: Save the configuration.

After the app configuration policy is applied, Hellotracks will use Microsoft Enterprise SSO on managed iOS/iPadOS devices.

On the first launch (or first sign-in), Microsoft may prompt users to select or confirm their account. After the initial sign-in, Hellotracks can sign users in automatically using the existing Microsoft session without requiring a username or password.

If the Microsoft sign-in prompt does not appear immediately, fully close Hellotracks (remove it from the App Switcher) and open it again to refresh the sign-in flow.

If you have questions or difficulties with your Hellotracks/MDM (Intune) and Microsoft Enterprise SSO setup, please contact support via support@hellotracks.com.

Still need help? Contact Us Contact Us