Apple @ Work is exclusively brought to you by Mosyle, Apple’s only unified platform. Mosyle is the only solution that integrates into a single professional platform all the solutions necessary to seamlessly and automatically deploy, manage and protect Apple devices at work. Over 45,000 organizations trust Mosyle to provision millions of Apple devices effortlessly and affordably. Ask for EXTENDED PRACTICE TESTS today and you’ll understand why Mosyle is everything you need to work with Apple.
For the past fifteen years, Mac administrators have been chasing a ghost: a “single pane of glass” for identity. We spent years trying to connect Macs to Active Directory, only to realize it was a nightmare to manage. Then we moved on to other tools for syncing local passwords with the cloud. They were great tools, but they were band-aids: third-party software that tried to connect two different worlds (on-premises and cloud).
With Platform SSO, Apple has built this glue right into the foundation of macOS. I’ll go ahead and say it: this is the most business-critical technology Apple has delivered since the inception of device management. It marks the moment when the Mac became a direct extension of your cloud identity.
About Apple@Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. With experience deploying and managing firewalls, switches, mobile device management systems, enterprise Wi-Fi, 1000 Macs and 1000 iPads, Bradley will highlight the ways Apple IT managers deploy Apple devices, build networks to support them, train users, IT departments, stories and Apple products.

What is Platform SSO?
It’s a built-in framework in macOS that allows the operating system to communicate directly with your cloud identity provider (IdP), whether it’s Google Workspace, Okta, or another supported vendor. In the past, the Mac login window was an island. You signed in with a local account and then signed in to your cloud apps again. We had tools that bridged this gap by syncing your local password with the cloud password, but they ran as applications on top of the operating system. Platform SSO integrates this capability at the system level.
It enables true password synchronization, where a change in the cloud instantly updates your local Mac. More importantly, it supports authentication via the Secure Enclave. This means that the Mac itself becomes the trusted factor in your security chain. It effectively modernizes the old concept of Active Directory binding for a cloud-based and remote world.
Platform SSO is not a one-size-fits-all solution. It offers a range of authentication methods depending on your identity provider and your security needs. Here’s how they break down:
- Password: This is the foundation for most organizations. It allows the user to authenticate using a local Mac password or a cloud IdP password. It’s robust enough to handle WS-Trust, meaning it works even if your identity provider is federated.
- Secure Enclave-backed key: Instead of sending a password over the wire, the user is authenticated using a cryptographic key stored in the Mac’s Secure Enclave. The IdP sets this up during registration, allowing seamless password-less operation.
- Smart card: For highly secure environments or government contracts, Platform SSO supports smart cards. Just register the card with your IdP and configure the attribute mapping on your Mac and you’re good to go.
- Access key: This is a newer method where users authenticate using a password stored in Apple Wallet. As with the smart card method, the key must be pre-registered with your IdP.
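As an added example (not from the article or from Apple), this Python sketch reads a configuration profile and reports which of the methods above each Extensible SSO payload selects, so an administrator can spot Macs still configured for password-only Platform SSO. The sample profile and its extension identifiers are constructed placeholders; the payload keys (`com.apple.extensiblesso`, `PlatformSSO`, `AuthenticationMethod`) follow Apple's device management schema, and any value the script does not list is reported as unrecognized.

```python
import plistlib

# AuthenticationMethod values this example recognizes -> how it classifies them
METHODS = {
    "Password": "password",
    "UserSecureEnclaveKey": "hardware-backed",
    "SmartCard": "hardware-backed",
}

# Constructed sample profile; the com.example identifiers are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.extensiblesso</string>
      <key>ExtensionIdentifier</key><string>com.example.idp-a.sso</string>
      <key>PlatformSSO</key><dict>
        <key>AuthenticationMethod</key><string>UserSecureEnclaveKey</string>
      </dict>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.extensiblesso</string>
      <key>ExtensionIdentifier</key><string>com.example.idp-b.sso</string>
      <key>PlatformSSO</key><dict>
        <key>AuthenticationMethod</key><string>Password</string>
      </dict>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.extensiblesso</string>
      <key>ExtensionIdentifier</key><string>com.example.idp-c.sso</string>
    </dict>
  </array>
</dict></plist>"""

def audit_platform_sso(profile_bytes):
    """Return (extension id, method, classification) per Extensible SSO payload."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.extensiblesso":
            continue
        psso = payload.get("PlatformSSO")
        method = psso.get("AuthenticationMethod") if isinstance(psso, dict) else None
        # No PlatformSSO dictionary: an SSO extension without Platform SSO.
        kind = "not-platform-sso" if method is None else METHODS.get(method, "unrecognized")
        findings.append((payload.get("ExtensionIdentifier"), method, kind))
    return findings

for ext_id, method, kind in audit_platform_sso(SAMPLE_PROFILE):
    print(f"{ext_id}: method={method} -> {kind}")
```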
Summary: Why Platform SSO matters so much
Platform SSO is significant because it represents a shift in Apple’s philosophy. For a long time, the Mac acted like it was the center of the universe. With Platform SSO, Apple is effectively admitting that the Mac is just a cog in the enterprise. It’s a premium, high-performance cog, but it still answers to the identity provider. The most visible sign of this shift is the login screen itself. Seeing a Microsoft or Google icon sitting natively in the macOS login window is a massive visual change that I honestly thought would never happen. Apple recognizes that for the vast majority of enterprises, the identity system is the key source of truth, and Platform SSO is essential for touchless deployments.
By allowing these third-party icons to claim real estate at the Mac’s “front door,” Apple meets enterprise IT where they really live (in the SaaS IdP), ultimately making the Mac the easiest device in the enterprise to deploy and manage.
