
Apple @ Work: Platform SSO is the single most important technology Apple has introduced for the enterprise

Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional grade platform all the solutions necessary to seamlessly and automatically deploy, manage and protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

For the last fifteen years, Mac admins have been chasing a ghost: the “Single Glass Pane” of identity. We spent years trying to bind Macs to Active Directory, only to realize it was a nightmare to manage. Then we moved to other tools to sync local passwords with the cloud. These were great tools, but they were band-aids. They were third-party software trying to connect two different worlds (local and cloud).

With Platform SSO, Apple has built that glue directly into the foundation of macOS. I will go on record: this is the most critical enterprise technology Apple has shipped since the foundation of device management. It marked the moment where the Mac became a direct extension of your cloud identity.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


What is Platform SSO?

It is a built-in framework in macOS that allows the operating system to communicate directly with your cloud Identity Provider, whether that is Google Workspace, Okta, or another supported vendor. In the past, the Mac login window was an island. You logged in with a local account, and then you logged in again to your cloud apps. We had tools that bridged this gap by syncing your local password with your cloud password, but they were running as apps on top of the OS. Platform SSO integrates this capability at the system level.

It allows for true password synchronization, where a change in the cloud updates the local Mac immediately. More importantly, it supports authentication via the Secure Enclave. This means the Mac itself becomes a trusted factor in your security chain. It effectively modernizes the old concept of Active Directory binding for a cloud-first and remote-first world.

Platform SSO isn’t a one-size-fits-all solution. It offers a menu of authentication methods depending on your Identity Provider and your security needs. Here is how they break down:

  • Password: This is the foundation for most organizations. It allows the user to authenticate using either their local Mac password or their cloud IdP password. It is robust enough to handle WS-Trust, meaning it works even if your identity provider is federated.
  • Secure Enclave–backed key: Instead of sending a password over the wire, the user authenticates using a cryptographic key stored in the Mac’s Secure Enclave. The IdP sets this up during registration, allowing for a seamless, passwordless experience.
  • Smart Card: For high-security environments or government contracts, Platform SSO supports smart cards. You just register the card with your IdP and configure the attribute mapping on the Mac, and you are good to go.
  • Access Key: This is a newer method where users authenticate using a pass stored inside of Apple Wallet. Just like the smart card method, the key has to be registered with your IdP ahead of time.
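The methods above are selected through the `PlatformSSO` dictionary of a `com.apple.extensiblesso` configuration profile. The following is an added example, not code from the article or from any IdP vendor: a small audit script that parses such a profile and flags the settings a reviewer would question (a password-only method, a non-Redirect extension type, plain-HTTP IdP URLs, and new users created at the login window as admins). The sample profile, its extension identifier, team identifier and URL are constructed for illustration; the script only recognizes the three documented `AuthenticationMethod` values, so an Access Key profile would be reported as unrecognized.

```python
import plistlib

# Constructed sample profile (hypothetical identifiers and URL, not a real IdP's).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.extensiblesso</string>
    <key>ExtensionIdentifier</key><string>com.example.idp.ssoextension</string>
    <key>TeamIdentifier</key><string>EXAMPLE123</string>
    <key>Type</key><string>Redirect</string>
    <key>URLs</key><array><string>https://login.example.com/</string></array>
    <key>PlatformSSO</key><dict>
      <key>AuthenticationMethod</key><string>Password</string>
      <key>UseSharedDeviceKeys</key><true/>
      <key>EnableCreateUserAtLogin</key><true/>
      <key>NewUserAuthorizationMode</key><string>Admin</string>
    </dict>
  </dict></array>
</dict></plist>"""

# The three AuthenticationMethod values documented for the PlatformSSO dictionary.
KNOWN_METHODS = {"Password", "UserSecureEnclaveKey", "SmartCard"}


def audit_psso_profile(profile_bytes):
    """Return a list of review findings for every extensible SSO payload in the profile."""
    findings = []
    plist = plistlib.loads(profile_bytes)
    for payload in plist.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.extensiblesso":
            continue
        psso = payload.get("PlatformSSO")
        if psso is None:
            findings.append("no PlatformSSO dictionary: the Mac will not register with the IdP")
            continue
        if payload.get("Type") != "Redirect":  # Platform SSO requires a Redirect extension
            findings.append("Platform SSO needs Type=Redirect, found %r" % payload.get("Type"))
        for url in payload.get("URLs", []):
            if not url.startswith("https://"):
                findings.append("non-HTTPS IdP URL: %s" % url)
        method = psso.get("AuthenticationMethod")
        if method not in KNOWN_METHODS:
            findings.append("unrecognized AuthenticationMethod %r" % method)
        elif method == "Password":
            findings.append("Password method: prefer UserSecureEnclaveKey or SmartCard so the Mac is a factor")
        if psso.get("EnableCreateUserAtLogin") and psso.get("NewUserAuthorizationMode") == "Admin":
            findings.append("login-window-created users become admins; prefer Standard or Groups")
    return findings
```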

Wrap up: Why Platform SSO matters so much

Platform SSO is significant because it represents a shift in Apple’s philosophy. For a long time, the Mac acted like it was the center of the universe. With Platform SSO, Apple is effectively admitting that in the enterprise, it is just a cog in the wheel. It is a premium, high-performance cog, but it still answers to the identity provider. The most visible image of this shift is the login screen itself. Seeing a Microsoft or Google icon sitting natively on the macOS login window is a massive visual change that I frankly thought would never happen. Apple is acknowledging that for the vast majority of businesses, the identity system is the key source of truth, and Platform SSO is critical to zero-touch deployments.

By allowing these third-party icons to claim real estate on the “front door” of the Mac, Apple is meeting enterprise IT where they actually live (in a SaaS IdP), which ultimately has made the Mac the easiest device in the enterprise to deploy and manage.
