Platform SSO is available for Mac computers
What is Platform SSO?
Platform SSO is a capability that allows users to sign in to their Mac devices using a hardware-bound key, smart card, or their IdP password. This feature enhances the Microsoft Enterprise SSO plug-in for Apple devices, providing single sign-on for Microsoft Entra ID accounts on macOS 14 and later.Platform SSO with Microsoft Entra ID is currently in Preview. For more information, see Microsoft’s macOS Platform Single Sign-on overview.
Add and Configure the Company Portal Auto App
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.1
Assign to Blueprints
Assign to your desired Blueprints.
2
Set Installation Method
Set your Installation Method to Continuously Enforce.
3
Specify Version Enforcement
Specify your Version Enforcement settings.
4
Save Library Item
Save your Library Item.
Add and Configure a Login Window Library Item
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.1
Name the Library Item
Give your Login Window Library Item a Name.
2
Assign to Blueprints
Assign to your desired Blueprints.
3
Configure User Visibility
Under User Visibility, set the radio button for Display username and password fields.
4
Save Library Item
Save your Library Item.
Add and Configure a Single Sign-on Extension Library Item
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.1
Name the Library Item
Give the new Library Item a Name.
2
Select platform
Select Mac as the Install on platform.
3
Assign to Blueprints
Assign to your desired Blueprints.
4
5
Select Extension type
Under Extension type, select Redirect.
6
Configure Extension identifier
For the Extension identifier, enter com.microsoft.CompanyPortalMac.ssoextension
7
Set Team identifier
Paste UBF8T346G9 into the Team identifier text box.
8
Configure URLs
Paste the following URLs into the URLs fields.
9
Add sovereign cloud URLs (optional)
Optionally, if using sovereign cloud domains, you will need to include additional URLs.
10
11
Enable Platform SSO
Toggle the switch for Platform SSO.
12
Select Authentication Method
Select your Authentication Method. For information on which method to use for your organization, refer to Microsoft’s support article.
13
Enable optional settings (macOS 15+)
Enable additional optional settings for macOS 15 and later as needed.
14
Set Existing Users permissions
Set default permissions for Existing Users.
15
Set New Users permissions
Set default permissions for New Users.
16
Enable Shared Device Keys
Check the box for Shared Device Keys.
17
Enable authorization with identity provider
Enable Allow authorization (with identity provider account). This will allow users to interact with system authorization prompts using their Microsoft Entra ID credentials.
18
Enable automatic local account creation (optional)
If you want to automatically create local accounts for users, enable Allow creation of new users at login.To create a local account, the device must be connected to the internet at the login screen with FileVault unlocked, and Iru must have a valid Bootstrap token for that device.
19
20
Enable device attestation (optional)
If checked, the device UDID and serial number will be included in Platform SSO attestations. Available in macOS 15.4 and later.
21
Enter Account display name
Enter an Account display name.
22
Set Require full login timeout
Specify the number of seconds after which to Require full login.
23
Configure Token mapping
In the Token mapping fields, enter preferred_username for the AccountName, and name for the FullName.
24
25
Configure Groups (optional)
If desired, configure Admin Groups, Additional Groups, and User Groups.
26
Microsoft currently only supports using static Standard and Admin values for new and existing users.
27
28
Save Library Item
Save your configuration