For single sign-on on devices, SOTI recommends the best practices laid out by the AppConfig Community, of which we are proud members.  AppConfig recommends implementing single sign-on in applications by redirecting the user to a Chrome Custom Tab (Android) or Safari Web View (iOS) which renders the Identity Provider’s authentication page.  A cookie within the browser session then enables single-sign on across different applications on the device.

SOTI has implemented the above Chrome Custom Tab flow as one of the authentication options we support for our Android Agent enrollment process (iOS enrollment is web-based).  Using a Chrome Custom Tab or Safari Web View means administrators can redirect their users to any IdP, and authenticate using whatever means their environment requires.