SSO for Apple Devices in Addigy

Passwords are hard. They make life difficult because you always need to remember them and use them. Add the fact that you also need to sign in monthly, weekly, daily, or even several times a day, depending on the task or device, and it makes for a major headache.

Luckily, Apple and identity providers (IdPs) have been chipping away at those pain points over time, and Addigy has been ensuring that Apple devices in Addigy have the building blocks they need to use these improvements to the authentication and session sign-in processes.

Back at WWDC 2020, Apple introduced Extensible Enterprise SSO, also known as SSOe. This MDM payload and framework allows IdPs to cache sessions on the device and reuse them from app to app, cutting down on the number of sign-ins needed to complete a task or configure a new device or application. It works by deploying the SSOe profile to MDM-enrolled devices: the settings and configurations in the MDM profile payload tell the device how to present the IdP sign-in and which apps can reuse that sign-in once it is stored. This is required for some workflows such as Microsoft Conditional Access, where devices need to store a sign-in for MSAL with the Entra ID of the devices as well as the different Microsoft desktop apps.

At WWDC 2023, Apple expanded the Extensible Enterprise SSO payload and added OS changes to support Platform SSO more fully, enabling a richer login-window sign-in experience alongside improvements like passkeys. What was on the horizon then is shipping now. Addigy Identity replaces the native macOS login window with an IdP-backed login that works with the identity provider you already run — Okta, Microsoft Entra ID, and Google Workspace — and supports Apple Platform SSO through an Extensible SSO configuration profile.

With our June 2026 Addigy Identity release, this is no longer a roadmap item: it’s live. The redesigned v3 login window brings a native-feeling Mac sign-in, and FileVault Silent Unlock collapses startup and login into a single authentication moment, removing the double-login that FileVault-enforcing teams used to face at every restart. Every sign-in also becomes a data event: through End User Management, user attributes flow into your inventory and into Flex Policy conditions.

Addigy Identity is included, not an add-on

Identity is core to Apple management, so core Addigy Identity capabilities are included for every Addigy customer, at every tier, at no additional cost. The security foundation of the platform doesn’t sit behind a paywall.

Michaela Gilman

Senior Product Manager
