I am looking for the magic sauce to make the following work. I am convinced it can, I just need to know the keys/strings/values.
Scenario:
Enterprise deploys and maintains app via a Mobile Device Management system (Meraki).
The Enterprise has federated their Apple Managed IDs with Microsoft Azure AD – Apple Managed ID is identical to the Enterprise user’s Azure ID (example: student1234@domain.us).
The Enterprise wants to deploy the Microsoft “MyApps” app that facilitates SSO/SAML logins AND use the Managed App Settings Payload. Depending on the MDM, this may be delivered via *.XML or *.plist file or profile. These files provide configuration info for the app specific to the user. (See documentation: https://documentation.meraki.com/SM/Profiles_and_Settings/Using_the_Managed_App_Settings_Payload and https://docs.microsoft.com/en-us/intune/apps/app-configuration-policies-use-ios)
The end user signs into the device with the same password that is paired with the Apple Managed ID/Azure AD username.
There should be a way that the MyApp can pull the necessary username/password pair from the local device so that the user needs to only click the app and it will automatically authenticate without entering a username and password.
I am guessing that the app needs to be deployed on a per-user, not a per-device, basis.
Your input is welcome.