Table of Contents
- Introduction
- In-Private, Incognito, or Private Browsing
- Supported Browsers by Operating System
- Browser Compatibility Requirements
Introduction
To successfully log into a Queen’s application protected by device compliance (such as PeopleSoft Finance and HR), there may be steps you need to take to allow your browser to pass your device compliance data to the system.
If your device is compliant with the Silver Health Standard, but your browser is not configured properly (or not supported) you will see an error message similar to that shown below. Note that the Device Identifier is showing “Not available” and the Device state is “Unregistered”.
In-Private, Incognito, or Private Browsing
Because data on the health of your system needs to be passed through the browser to the login system, In-Private, Incognito, or Private Browsing may not work on any of the supported browsers (i.e. Edge, Firefox, Safari, or Chrome) to access protected systems. We strongly recommend that you do not use private browsing when accessing applications protected by device compliance.
Supported Browsers by Operating System
Visit Microsoft’s Supported Browsers Page for the most robust reference.
Operating Systems | Browsers |
Windows 10+ | Microsoft Edge, Chrome, Firefox 91+ |
iOS | Microsoft Edge, Safari |
Android | Microsoft Edge, Chrome |
macOS* | Microsoft Edge, Chrome, Safari |
*Note that on macOS, Firefox is not a supported browser for Microsoft device compliance, however in testing, has been shown to work.
Browser Compatibility Requirements
Windows 10 and Chrome
For Windows 10 and newer devices, download and install the Windows 10 Accounts extension from the Chrome web store. This extension is required when a Conditional Access Policy requires device-specific details.
For Queen’s owned and managed devices, this extension has already been enabled. However, it can be disabled manually during the troubleshooting steps for other browser issues.
To verify the extension is available and enabled:
- Open Chrome
- Copy and paste chrome://extensions/ into the address bar of the browser.
- You should see Windows 10 Accounts in the list of extensions, and it should be enabled. If it is disabled, slide the toggle to enable it. If you do not see the extension, visit the Chrome web store to download Windows 10 Accounts, and ensure it is enabled.
Windows 10 and Firefox
Firefox on Window 10 requires the Windows SSO configuration feature enabled to work with device compliance. Note that this feature is not available for macOS; Firefox cannot be used to access protected apps at Queen’s on macOS.
To enable or check the status of Windows SSO Configuration:
- Open Firefox
- At the top right of the browser, click Open Applications Menu (3 horizontal lines)
- Click Settings
- Select Privacy & Security
- Navigate to the Logins and Passwords section
- Check the box next to the “Allow Windows single sign-on for Microsoft….”
Windows 10 and Microsoft Edge
Microsoft Edge works seamlessly with Device Compliance. If you are seeing issues, ensure you are logged into Microsoft Edge with your Queen’s account and not a Guest Account.
If you are on a personal device, you may be signed into Edge with a personal Microsoft Account. Review this article: Using Multiple profiles at work and at home with a Microsoft Edge
macOS and Allowing Certificates
If prompted to accept a client certificate from "device.login.microsoftonline.com" issued by MS-Organization-Access during sign in.
Chrome
- When prompted, verify that the issuer is MS-Organization-Access, click OK.
- Google Chrome will then prompt access to key "Microsoft Workplace Join Key" in your keychain. After entering your Mac login password, select Always Allow. If you choose Allow, you will need to accept the certificate each time you access an application protected by device compliance.
Safari
- When prompted, verify that the issuer is MS-Organization-Access, click Continue.
- Safari will then prompt access to key "Microsoft Workplace Join Key" in your keychain. After entering your Mac login password, select Always Allow. If you choose Allow, you will need to accept the certificate each time you access an application protected by device compliance.
macOS and Safari Preferences
In order for Safari to work with Device Compliance, you will need to ensure that Hide IP address setting is not enabled.
To verify and/or disable the Hide IP address:
- Open Safari
- Select Safari from the menu bar > Preferences, then click Privacy.
- Unselect the checkbox for Hide IP address from trackers if checked.