Feature: Identity

Mac identity and login with your existing IdP

Use your existing identity provider to manage Mac & iOS logins, sync credentials, and enforce policy—online or off.

Get a Demo

macOS Identity and Access Management

A smarter, simpler way to log in.

Addigy Identity replaces the Mac login with one powered by Okta, Microsoft Entra, Google Workspace, and more.

Users keep one set of credentials while IT gets synced passwords, offline access, and identity‑based control. Setup takes less than 30 minutes, with a sleek, branded login experience that’s intuitive for end users and easy for IT teams to manage.

shows set of 3 login windows for Okta, Google, and Microsoft
Addigy Identity login steps UI

ATTRIBUTE SYNC & POLICY CONTROL

Sync identity attributes.
Simplify device management.

  • Pull in end user details like department, location, and job title
  • Align devices with the right people & policies
  • Track device ownership without the spreadsheet
Addigy Identity Local User Login

OFFLINE ACCESS

Stay logged in, even when offline.

  • Users can log in with their last known password
  • Compatible with FileVault login
  • Optional emergency bypass available
Composite screenshot showing three macOS login window panels from Addigy's Identity product: a Network panel prompting for a Wi-Fi password, a Network panel displaying available Wi-Fi networks and LAN connections, and an Alternative Login panel offering a button to continue to the macOS Login Window.

TESTING & ROLLOUT

Pilot identity settings with zero risk.

  • Test new login flows and policies before going live
  • Easy configuration with minimal documentation
  • No certification or complex onboarding required

Branded Mac login experience for every team.

  • Brand the login screen with logos, backgrounds, and instructions
  • Create different login experiences for each policy, department, or tenant
  • Works for both new and existing devices

Fewer passwords.
Fewer problems.

  • Users log in with existing credentials from your IdP
  • Passwords stay synced between the IdP and the Mac
  • Matches existing macOS accounts without data loss
  • Assigns admin or standard privileges automatically
Mac desktop, at the login screen, showing a custom logo and wallpaper.

Ready to modernize your Mac & iOS logins?

14 Days. All features. No commitment.

Start a Free Trial

Frequently Asked Questions

Which Identity Providers (IdPs) are supported for SSO enrollment?

Addigy’s SSO Enrollment integrates with any SAML-based identity provider, with documented configuration guides for Microsoft Entra ID (formerly Azure AD), Okta, and Google Workspace, plus a custom SAML path used for OneLogin. SSO Enrollment works with Apple Automated Device Enrollment across macOS, iOS, iPadOS, and tvOS, ensuring only assigned users in the IdP can complete device enrollment into Addigy. 

For the macOS login window itself, Addigy Identity supports Microsoft Entra ID, Okta, and Google Workspace.

How do I configure Addigy with Azure AD, Okta, or Google?

Addigy separates two IdP integration paths, and both use the same providers. For the macOS login window, open Addigy Identity and follow the per-IdP guide — create the SAML or OIDC application in Microsoft Entra ID, Okta, or Google, then paste the Entity ID and ACS URL from Addigy into the IdP and assign users. 

For device enrollment, go to the policy’s Automated Device Enrollment Settings, set End-User Setup Assistant Experience > Authentication Type to SSO Enrollment, and map the Entity ID, ACS URL, and SAML certificate to a new enterprise application in Entra, Okta, or Google. Only users assigned to the app in the IdP will be permitted to enroll or log in.

Does Addigy support macOS login window SSO?

Yes, through two complementary options. Addigy Identity replaces the native macOS login window with an IdP-backed login powered by Microsoft Entra ID, Okta, or Google Workspace — syncing passwords to the local Mac account, supporting offline logins with the last known password, and remaining FileVault compatible. Addigy also supports Apple Platform SSO via an Extensible SSO configuration profile, with dedicated deployment guides for Microsoft Entra Platform SSO and Okta Platform SSO (Desktop Password Sync). The two approaches can coexist — a common pattern is using Addigy Identity to just-in-time provision the local user, then enforcing Platform SSO for ongoing logins.

Does Addigy Identity work offline or when the IdP is unreachable?

Yes. Addigy Identity supports offline logins using each user’s last known password, so Macs stay usable when the network or the identity provider is unreachable. It is compatible with FileVault, and an optional emergency bypass is available for admins to grant access in edge cases.

How long does it take to set up Addigy Identity?

Setup takes under 30 minutes in most environments. Addigy Identity is configured from Account > Integrations in the Addigy Console, connects to your existing IdP (Microsoft Entra, Okta, or Google Workspace), and does not require certification or complex onboarding. A pilot mode lets teams test login flows and policies before rolling out company-wide.

Does Addigy Identity sync passwords and user attributes from my IdP?

Yes. Addigy Identity keeps Mac passwords in sync with the identity provider and pulls user attributes such as department, location, and job title from the IdP into Addigy. Those attributes can drive policy assignment, admin or standard privilege provisioning, and asset tracking — replacing spreadsheet-based ownership lists.