Allow Single Sign-On for Edge WebView
Supported on: Citrix Workspace app for Windows 2411 and above.
Description
When the policy is disabled, single sign-on (SSO) is disabled for devices that are Entra ID-joined or registered. The end user must authenticate in the Workspace app if Entra ID is used as the identity provider. When the policy is not configured, single sign-on (SSO) is enabled. By default, the policy is enabled.
Registry
Software\Policies\Citrix\AuthManager
Value name: AllowSSOForEdgeWebview
Enabled: AllowSSOForEdgeWebview = true
Disabled: AllowSSOForEdgeWebview = false
REG Builder
BETA: Configure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Allow Single Sign-On for Edge WebView
; State: Enabled
; Supported on: Citrix Workspace app for Windows 2411 and above.
[HKEY_LOCAL_MACHINE\Software\Policies\Citrix\AuthManager]
"AllowSSOForEdgeWebview"="true"
PowerShell
# Exported from gporais.com
# Policy: Allow Single Sign-On for Edge WebView
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2411 and above.
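$path = 'HKLM:\Software\Policies\Citrix\AuthManager'
# Create the key only if it is missing. New-Item -Force on an existing registry key
# replaces it with an empty key, which would delete other values under AuthManager.
if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
Set-ItemProperty -Path $path -Name 'AllowSSOForEdgeWebview' -Value 'true' -Type String
Intune XML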
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune.
Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Allow Single Sign-On for Edge WebView
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2411 and above.
function Test-RegistryValue {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Name,
        [object]$Expected,
        [ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
        [switch]$Absent
    )
    try {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
    } catch {
        return $Absent.IsPresent
    }
    if ($Absent.IsPresent) { return $false }
    $actual = $item.$Name
    if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
    if ($Kind -eq 'MultiString') {
        $actualValues = @($actual)
        $expectedValues = @($Expected)
        if ($actualValues.Count -ne $expectedValues.Count) { return $false }
        for ($i = 0; $i -lt $expectedValues.Count; $i++) {
            if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
        }
        return $true
    }
    return [string]$actual -eq [string]$Expected
}
$checks = @(
    (Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\AuthManager' -Name 'AllowSSOForEdgeWebview' -Expected 'true' -Kind String)
)
if ($checks -notcontains $false) {
    Write-Output 'Compliant'
    exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Allow Single Sign-On for Edge WebView
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2411 and above.
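$path = 'HKLM:\Software\Policies\Citrix\AuthManager'
# Create the key only if it is missing. New-Item -Force on an existing registry key
# replaces it with an empty key, which would delete other values under AuthManager.
if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
Set-ItemProperty -Path $path -Name 'AllowSSOForEdgeWebview' -Value 'true' -Type String
SCCM CI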
# Exported from gporais.com
# Policy: Allow Single Sign-On for Edge WebView
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2411 and above.
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Allow Single Sign-On for Edge WebView
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2411 and above.
function Test-RegistryValue {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Name,
        [object]$Expected,
        [ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
        [switch]$Absent
    )
    try {
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
    } catch {
        return $Absent.IsPresent
    }
    if ($Absent.IsPresent) { return $false }
    $actual = $item.$Name
    if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
    if ($Kind -eq 'MultiString') {
        $actualValues = @($actual)
        $expectedValues = @($Expected)
        if ($actualValues.Count -ne $expectedValues.Count) { return $false }
        for ($i = 0; $i -lt $expectedValues.Count; $i++) {
            if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
        }
        return $true
    }
    return [string]$actual -eq [string]$Expected
}
$checks = @(
    (Test-RegistryValue -Path 'HKLM:\Software\Policies\Citrix\AuthManager' -Name 'AllowSSOForEdgeWebview' -Expected 'true' -Kind String)
)
if ($checks -notcontains $false) {
    Write-Output 'Compliant'
    exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Allow Single Sign-On for Edge WebView
# State: Enabled
# Supported on: Citrix Workspace app for Windows 2411 and above.
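$path = 'HKLM:\Software\Policies\Citrix\AuthManager'
# Create the key only if it is missing. New-Item -Force on an existing registry key
# replaces it with an empty key, which would delete other values under AuthManager.
if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
Set-ItemProperty -Path $path -Name 'AllowSSOForEdgeWebview' -Value 'true' -Type String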