SSO for Apple Devices in Addigy
Passwords are hard. They make life difficult because you always need to remember them and use them. Add to that the fact that you need to also sign in monthly, weekly, or even daily or several times a day depending on the task or device, and it makes for a major headache. Luckily Apple and Identity Providers (IdPs) have been chipping away at those pain points over time, and Addigy has been ensuring that Apple devices in Addigy have the building blocks they need to utilize these new improvements to the authentication and session sign-in processes.
Back at WWDC 2020, Apple introduced Extensible Enterprise SSO, AKA SSOe. This MDM payload and framework allows IdPs to cache sessions on the device and reuse them from app to app, cutting down on the number of sign-ins needed to complete a task or configure a new device or application. This works by deploying the SSOe profile to MDM-enrolled devices: the settings in the profile payload tell the device how to present the IdP sign-in and which apps can re-use that sign-in once it is stored. This is required for some workflows such as Microsoft Conditional Access, where devices need to store a sign-in for MSAL with the Entra ID of the devices as well as the different Microsoft desktop apps.
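As an added example (not Addigy's or Apple's code), the sketch below lints the SSOe payloads in a configuration profile before it is deployed, since the URLs and Hosts entries decide which sign-ins the extension handles. The payload keys are those of Apple's `com.apple.extensiblesso` payload; the identifiers, hostnames and the specific lint rules are assumptions made for this example.

```python
import plistlib

# Constructed sample profile; all identifiers and hosts are placeholders.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.extensiblesso",
         "ExtensionIdentifier": "com.example.idp.ssoextension",
         "TeamIdentifier": "ABCDE12345",
         "Type": "Redirect",
         "URLs": ["https://login.example.com",
                  "http://legacy.example.com/auth?x=1"]},
        {"PayloadType": "com.apple.extensiblesso",
         "ExtensionIdentifier": "com.example.krb.ssoextension",
         "Type": "Credential",
         "Realm": "EXAMPLE.COM"},
    ],
})

def lint_sso_profile(profile_bytes):
    """Return (payload_index, message) findings for each SSOe payload."""
    findings = []
    profile = plistlib.loads(profile_bytes)
    for i, p in enumerate(profile.get("PayloadContent", [])):
        if p.get("PayloadType") != "com.apple.extensiblesso":
            continue  # other payload types are out of scope here
        if not p.get("ExtensionIdentifier"):
            findings.append((i, "missing ExtensionIdentifier"))
        if not p.get("TeamIdentifier"):
            findings.append((i, "missing TeamIdentifier (needed on macOS)"))
        kind = p.get("Type")
        if kind == "Redirect":
            urls = p.get("URLs", [])
            if not urls:
                findings.append((i, "Redirect payload without URLs"))
            for u in urls:
                # A cleartext prefix would hand the extension a sign-in
                # flow that can be tampered with in transit.
                if not u.lower().startswith("https://"):
                    findings.append((i, f"non-HTTPS URL: {u}"))
                if "?" in u or "#" in u:
                    findings.append((i, f"query/fragment in URL: {u}"))
        elif kind == "Credential":
            if not p.get("Hosts"):
                findings.append((i, "Credential payload without Hosts"))
        else:
            findings.append((i, f"unknown Type: {kind!r}"))
    return findings

if __name__ == "__main__":
    for idx, msg in lint_sso_profile(SAMPLE_PROFILE):
        print(f"payload {idx}: {msg}")
```
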
At WWDC 2023, Apple announced further additions to the Extensible Enterprise SSO MDM profile payload as well as OS changes to support Platform SSO more fully. This will also allow for an enhanced Login Window sign-in experience as well as other improvements with passkeys. Okta's own support, which has been dubbed “Desktop Password Sync,” is coming soon (it’s currently in private beta).
Addigy has ensured that we’re ready to support SSO as soon as Apple releases it, and the connection to Platform SSO configurations is possible today in the SSOe profile. The IdP support for this from vendors such as Microsoft (Coming Soon – Platform SSO for macOS – Microsoft Community Hub) and Google is still pending.