New Platform SSO for macOS Devices in Microsoft Intune

Microsoft Intune now offers Platform SSO for macOS devices. Microsoft Intune is always adding new device management features, and Microsoft recently announced SSO for the Company Portal. With this announcement, we can expect a significant change in enterprise device management.

Single Sign-on (SSO) is the best feature for Enterprise device management. Users can access different apps and systems by providing their login details once. Integrating Intune and the macOS Company Portal App with Platform SSO demonstrates Microsoft’s dedication to enhancing the user experience.

Why Platform SSO? Platform SSO will be a game-changer on macOS: it enhances the existing Microsoft Enterprise SSO plug-in for Apple devices.

SSO is a single sign-in process that allows users to log in once and access multiple apps and websites without re-entering credentials. This blog post gives an overview of Platform SSO and shows how to configure it in Intune.

New Platform SSO for macOS Devices in Microsoft Intune – Fig.1

Video: Intune Policies to Manage Microsoft Enterprise SSO Plug-in macOS

We have a video, Intune Policies to Manage Microsoft Enterprise SSO Plug-in macOS, by Snehasis Pani. It covers how to implement the Microsoft Enterprise SSO plug-in using Intune. The feature can be implemented using JAMF or any other device management solution, such as Intune or VMware AirWatch.

New Platform SSO for macOS Devices in Microsoft Intune – Video.1

SSO for macOS Devices in Microsoft Intune

Platform SSO is the best improvement to the existing Microsoft Enterprise SSO plug-in for Apple devices. It aims to make managing macOS devices smooth and secure, and it helps users sign in to apps and websites with their Microsoft Entra ID. The SSO app extension is part of Platform SSO.

It also supports Touch ID and passkeys for an even easier sign-in process. That is a brief overview of Platform SSO. Next, we look at how it is configured on macOS devices through Intune.

  • Sign in to the Microsoft Intune admin center
  • Navigate to Devices > Configuration > New Policy

Note: Platform SSO is available in public preview on macOS devices.

New Platform SSO for macOS Devices in Microsoft Intune – Fig.2

When you select New Policy, you must choose a few more settings: select macOS as the platform and Settings catalog as the profile type.

  • Click Create
New Platform SSO for macOS Devices in Microsoft Intune – Fig.3

After that, the main step is to name the policy; for example, I used Single sign-on (SSO). If you want to remember the purpose of the policy later, add a description as well. It will help you understand the policy better.

  • Click Next
New Platform SSO for macOS Devices in Microsoft Intune – Fig.4

The next, crucial step is Configuration settings, where you apply the settings for the policy you are creating. To do so, select the Add settings option; the settings picker then opens.

  • Expand the Authentication category
  • Select Extensible Single Sign On (SSO)
  • Then check the options below:
  1. Select Extension Identifier
  2. Expand Platform SSO
  3. Select Authentication Method
  4. Select Use Shared Device Keys
  5. Select Registration Token
  6. Select Screen Locked Behavior
  7. Select Team Identifier
  8. Select Type
  9. Select URLs

| Settings | Info |
|---|---|
| Platform SSO | This is the dictionary used to configure Platform SSO. |
| Extension Identifier | The bundle identifier of the app extension that performs SSO for the specified URLs. |
| Registration Token | The token this device uses for registration with Platform SSO. Use it for silent registration with the Identity Provider. Requires that 'AuthenticationMethod' isn't empty. Available in macOS 13 and later. |
| Authentication Method | The Platform SSO authentication method to be used with the extension. Requires that the SSO Extension also support the method. |
| Screen Locked Behavior | When set to Do Not Handle, the request continues without SSO. Available in iOS 15 and later and macOS 12 and later. |
| Team Identifier | The team identifier of the app extension. This key is required on macOS and ignored elsewhere. |
| Type | The type of SSO. |
| URLs | An array of URL prefixes of identity providers where the app extension performs SSO. Required for Redirect payloads. Ignored for Credential payloads. The URLs must begin with http:// or https://, the scheme and hostname are matched case-insensitively, query parameters and URL fragments are not allowed, and the URLs of all installed Extensible SSO payloads must be unique. |

New Platform SSO for macOS Devices in Microsoft Intune – Table.1

New Platform SSO for macOS Devices in Microsoft Intune – Fig.5

After selecting the settings, close the settings picker and return to the Configuration settings window, which now lists all the settings you selected. Add the appropriate value for each one; the table below lists the values.

  • After entering the appropriate values, click Next

| Settings | Value |
|---|---|
| URLs | https://login.microsoft.com |
| | https://sts.windows.net |
| | https://login.partner.microsoftonline.cn |
| | https://login.chinacloudapi.cn |
| | https://login.microsoftonline.us |
| | https://login-us.microsoftonline.com |
| | https://login.microsoftonline.com |
| Extension Identifier | com.microsoft.CompanyPortalMac.ssoextension |
| Use Shared Device Keys | Enabled |
| Registration Token | {{DEVICEREGISTRATION}} |
| Authentication Method | UseSecureEnclaveKey |
| Screen Locked Behavior | Do Not Handle |
| Team Identifier | UBF8T346G9 |
| Type | Redirect |

New Platform SSO for macOS Devices in Microsoft Intune – Table.2
New Platform SSO for macOS Devices in Microsoft Intune – Fig.6

The next step is Scope tags, which is a mandatory option. You can choose it according to your preference. This section allows you to manage and control access to the platform. Here, I skipped this section and clicked on the Next option.

New Platform SSO for macOS Devices in Microsoft Intune – Fig.7

The next step is Assignments. Here, you assign the policy to the preferred groups. Click Add groups under Included groups; a window opens where you select a group for the policy (you can also search for groups).

  • Click Next
New Platform SSO for macOS Devices in Microsoft Intune – Fig.8

The last step, Review and Create, lets you recheck all the details you entered and decide whether any changes are needed. This is the final stage; you can view all the details in one window.

  • Click Create
New Platform SSO for macOS Devices in Microsoft Intune – Fig.9
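
As an added example (not part of the original post and not Microsoft's code), the following Python script checks a set of profile values against the constraints listed in Table 1 before they are entered in the policy. The dictionary keys and the validate_profile function are hypothetical names chosen for this example; the values are the ones from Table 2.

```python
from urllib.parse import urlsplit

# Values from Table 2; the dictionary keys are hypothetical names for this example.
PROFILE = {
    "team_identifier": "UBF8T346G9",
    "type": "Redirect",
    "authentication_method": "UseSecureEnclaveKey",
    "registration_token": "{{DEVICEREGISTRATION}}",
    "urls": [
        "https://login.microsoftonline.com",
        "https://login.microsoft.com",
        "https://sts.windows.net",
        "https://login.partner.microsoftonline.cn",
        "https://login.chinacloudapi.cn",
        "https://login.microsoftonline.us",
        "https://login-us.microsoftonline.com",
    ],
}


def validate_profile(profile):
    """Return a list of problems; an empty list means the Table 1 rules pass."""
    problems = []
    if not profile.get("team_identifier"):
        problems.append("Team Identifier is required on macOS")
    if profile.get("registration_token") and not profile.get("authentication_method"):
        problems.append("Registration Token requires a non-empty Authentication Method")
    urls = profile.get("urls", [])
    if profile.get("type") == "Redirect" and not urls:
        problems.append("Redirect payloads require at least one URL")
    seen = set()
    for url in urls:
        parts = urlsplit(url)  # urlsplit lowercases the scheme for us
        if parts.scheme not in ("http", "https") or not parts.netloc:
            problems.append(f"{url}: must begin with http:// or https://")
            continue
        if "?" in url or "#" in url:
            problems.append(f"{url}: query parameters and fragments are not allowed")
            continue
        # Scheme and hostname are matched case-insensitively; the path is not.
        key = (parts.scheme, parts.netloc.lower(), parts.path)
        if key in seen:
            problems.append(f"{url}: duplicate URL prefix")
        seen.add(key)
    return problems


if __name__ == "__main__":
    print(validate_profile(PROFILE) or "profile values pass")
```
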


Author

Krishna. R is a computer enthusiast. She loves writing about Windows 11 and Intune-related technologies and sharing her knowledge, quick tips, and tricks about Windows 11 or 10 with the community.
