Microsoft Intune is a cloud-based service for
By integrating Microsoft Intune with Staffbase, you can apply MDM and MAM policies directly to your Employee App. This allows you to enforce security controls such as restricting data transfer, requiring secure access, and ensuring that only compliant users and devices can access corporate content.
Authentication is handled through the Microsoft Authentication Library (MSAL). MSAL is a Microsoft SDK that enables applications to authenticate users with Microsoft Entra ID and obtain access tokens for protected resources. These tokens allow the Employee App to securely access services on behalf of the authenticated user.
Intune policies are based on user identity. Before Intune can apply app protection or compliance rules, it must know who the user is and which device is being used. MSAL performs this authentication step by verifying the user’s identity. After authentication is complete, Intune applies the appropriate authorization policies based on that identity and device state.
Together, MSAL and Intune ensure secure sign-in, controlled access, and enforcement of your organization’s security and compliance requirements.
Prerequisites:
- You have Microsoft Intune for your organization.
- You have a working Microsoft Entra ID SAML SSO integration for Staffbase.
- You have one of the following permissions to configure provisioning in Entra ID:
  - Application Administrator
  - Cloud Application Administrator
  - Global Administrator
- You can create or manage App Protection Policies in Microsoft Intune.
- You have the following details of your Employee App from Staffbase:
  - Package name / bundle ID
  - Signing key signature
Overview of setup process
Request app configuration details from Staffbase
Contact Staffbase Support to request the following values, which are required for the authentication configuration:
- Package name / bundle ID
- Signing key signature (also known as signature hash)
Prepare the Microsoft Entra ID configuration
Create an enterprise application that represents the Employee App in your identity environment. This application enables your Employee App to authenticate users through MSAL.
In this step, you:
- Create a dedicated enterprise application
- Configure authentication and API settings required for MSAL
- Configure mobile platform authentication for Android and iOS
- Add permissions required for Intune integration
Configure Microsoft Intune
After the Entra ID configuration is complete, configure App Protection Policies in Microsoft Intune.
In this step, you:
- Create an App Protection Policy
- Add the Employee App using its package identifier
- Assign the policy to users or groups with an Intune license
These policies define how corporate data can be accessed and protected inside the Employee App.
Provide configuration details to Staffbase
After completing the setup, provide the following values to Staffbase Support:
- tenantId
- applicationId (also known as clientId)
Staffbase uses these values to complete the integration for your Employee App.
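As an added example (not Staffbase or Microsoft code), the following Python helpers sanity-check the values exchanged in the steps above: the package name / bundle ID and signing key signature you receive, and the tenantId and applicationId you send back. They assume the usual MSAL conventions: the Android signature hash is the Base64-encoded SHA-1 digest of the signing certificate, redirect URIs take the forms `msauth://<package>/<URL-encoded hash>` and `msauth.<bundle ID>://auth`, and both IDs are GUIDs. All function names and sample values are hypothetical.

```python
import base64
import binascii
import re
import uuid
from urllib.parse import quote

APP_ID_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*(\.[A-Za-z0-9_-]+)+")  # reverse-DNS style

def check_signature_hash(sig_hash: str) -> str:
    """Accept only Base64 that decodes to a 20-byte SHA-1 digest (assumed format)."""
    try:
        raw = base64.b64decode(sig_hash, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("signature hash is not valid Base64") from exc
    if len(raw) != 20:
        raise ValueError(f"expected a 20-byte SHA-1 digest, got {len(raw)} bytes")
    return sig_hash

def from_hex_fingerprint(fingerprint: str) -> str:
    """Convert a keytool-style SHA-1 fingerprint (AA:BB:...) to the Base64 form."""
    raw = bytes.fromhex(fingerprint.replace(":", ""))
    return check_signature_hash(base64.b64encode(raw).decode("ascii"))

def android_redirect_uri(package_name: str, sig_hash: str) -> str:
    """Build msauth://<package>/<URL-encoded signature hash>."""
    if not APP_ID_RE.fullmatch(package_name):
        raise ValueError("unexpected package name format")
    return f"msauth://{package_name}/{quote(check_signature_hash(sig_hash), safe='')}"

def ios_redirect_uri(bundle_id: str) -> str:
    """Build msauth.<bundle ID>://auth."""
    if not APP_ID_RE.fullmatch(bundle_id):
        raise ValueError("unexpected bundle ID format")
    return f"msauth.{bundle_id}://auth"

def is_guid(value: str) -> bool:
    """True only for the canonical hyphenated GUID form (no braces, no bare hex)."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample values, not real Staffbase or tenant data.
    sample_hash = from_hex_fingerprint(":".join(f"{b:02X}" for b in range(20)))
    print(android_redirect_uri("com.example.employeeapp", sample_hash))
    print(ios_redirect_uri("com.example.employeeapp"))
    print(is_guid("11111111-2222-3333-4444-555555555555"))
```

A hex certificate fingerprint pasted where the Base64 signature hash is expected is rejected by `check_signature_hash`; convert it with `from_hex_fingerprint` first.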
Roll out and test the integration
After providing the configuration details to Staffbase, roll out the integration to your users and test it to ensure that the Employee App is functioning correctly with the applied Intune policies.