Recently I was asked to implement Platform SSO for macOS devices that will work together with Microsoft Intune.
Microsoft is still working on this feature, and its progress can be followed on this page: In development – Microsoft Intune | Microsoft Learn
IMPORTANT UPDATE
I made a mistake in the Team Identifier. It is now correct in the post. Please be aware of this change.
I’m sorry for my mistake.
But it is already working properly, and in this post I will show you how to implement that feature!
The first requirement is to deploy the proper version of Company Portal. You can do that via the package or via the… script. For me, the script option works perfectly, and it always installs the latest version with auto-update enabled.
If you want to read more about this script – you can check this link to see how to implement it:
![macOS + Intune with Platform SSO](https://piesik.me/wp-content/uploads/2024/03/image-6-1024x617.png)
Once Company Portal is deployed, you need to configure a Settings Catalog profile with the following options:
Section | Setting/Option |
---|---|
Authentication | |
Extensible Single Sign On (SSO) | Configure an app extension that enables single sign-on (SSO) for devices. |
Authentication Method (Deprecated) | Password |
Screen Locked Behavior | Do Not Handle |
Registration Token | {{DEVICEREGISTRATION}} |
Platform SSO | |
Account Display Name | Your display Name |
Authentication Method | Password |
Enable Authorization | Enabled |
Enable Create User at Login | Enabled |
New User Authorization Mode | Standard |
Use Shared Device Keys | Enabled |
User Authorization Mode | Standard |
Team Identifier | UBF8T346G9 |
Extension Identifier | com.microsoft.CompanyPortalMac.ssoextension |
Type | Redirect |
URLs | https://login.microsoftonline.com https://login.microsoft.com https://sts.windows.net https://login.partner.microsoftonline.cn https://login.chinacloudapi.cn https://login.microsoftonline.us https://login-us.microsoftonline.com |
These settings work fine for me:
![macOS + Intune with Platform SSO](https://piesik.me/wp-content/uploads/2024/03/image-7.png)
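A way to catch a mistyped value such as the Team Identifier before the profile is assigned, as an added example that is not part of the original post: it parses a configuration profile plist and compares its Extensible SSO payload with the table above. The plist key names are Apple's `com.apple.extensiblesso` payload keys, assumed here to correspond to the Settings Catalog labels, and the sample profile is constructed.

```python
import plistlib

# Values from the settings table in this post. Key names are Apple's com.apple.extensiblesso
# payload keys; mapping them to the Settings Catalog labels is this example's assumption.
EXPECTED = {
    "TeamIdentifier": "UBF8T346G9",
    "ExtensionIdentifier": "com.microsoft.CompanyPortalMac.ssoextension",
    "Type": "Redirect",
    "ScreenLockedBehavior": "DoNotHandle",
}
EXPECTED_PSSO = {
    "AuthenticationMethod": "Password",
    "EnableAuthorization": True,
    "EnableCreateUserAtLogin": True,
    "NewUserAuthorizationMode": "Standard",
    "UserAuthorizationMode": "Standard",
    "UseSharedDeviceKeys": True,
}
EXPECTED_URLS = set("""https://login.microsoftonline.com https://login.microsoft.com
https://sts.windows.net https://login.partner.microsoftonline.cn
https://login.chinacloudapi.cn https://login.microsoftonline.us
https://login-us.microsoftonline.com""".split())

def audit_profile(profile_bytes):
    """Return a list of findings for every Extensible SSO payload in a profile."""
    findings = []
    payloads = [p for p in plistlib.loads(profile_bytes).get("PayloadContent", [])
                if p.get("PayloadType") == "com.apple.extensiblesso"]
    if not payloads:
        return ["no com.apple.extensiblesso payload found"]
    for p in payloads:
        psso = p.get("PlatformSSO", {})
        for src, want in ((p, EXPECTED), (psso, EXPECTED_PSSO)):
            for key, value in want.items():
                if src.get(key) != value:
                    findings.append(f"{key}: expected {value!r}, found {src.get(key)!r}")
        urls = set(p.get("URLs", []))
        findings += [f"URLs: missing {u}" for u in sorted(EXPECTED_URLS - urls)]
        # Extra URLs widen the set of sign-in hosts the extension intercepts.
        findings += [f"URLs: unexpected {u}" for u in sorted(urls - EXPECTED_URLS)]
    return findings

def sample_profile(team_id="UBF8T346G9", urls=None):  # constructed sample, not a real export
    payload = dict(EXPECTED, PayloadType="com.apple.extensiblesso", TeamIdentifier=team_id,
                   PlatformSSO=dict(EXPECTED_PSSO), URLs=sorted(urls or EXPECTED_URLS))
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

if __name__ == "__main__":
    print("\n".join(audit_profile(sample_profile(team_id="ABCDE12345")) or ["profile matches"]))
```

`RegistrationToken` and `AccountDisplayName` are left out of the comparison because their values are tenant-specific.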
Now you need to assign that configuration profile to the ADE devices… and wait for the popup on the end-user device. Sometimes the user needs to open the Company Portal application before the popup appears.
![macOS + Intune with Platform SSO](https://piesik.me/wp-content/uploads/2024/03/Screenshot-2024-03-25-at-17.32.22.png)
The next step is to select the proper account:
![macOS + Intune with Platform SSO](https://piesik.me/wp-content/uploads/2024/03/Screenshot-2024-03-25-at-17.32.42-1024x873.png)
Wait for the next steps…
![macOS + Intune with Platform SSO](https://piesik.me/wp-content/uploads/2024/03/Screenshot-2024-03-25-at-17.38.11-1024x873.png)
Provide a password for the Entra ID account:
![macOS + Intune with Platform SSO](https://piesik.me/wp-content/uploads/2024/03/Screenshot-2024-03-25-at-17.38.22-1024x873.png)
And finally, the end user should see this:
![macOS + Intune with Platform SSO](https://piesik.me/wp-content/uploads/2024/03/Screenshot-2024-03-25-at-17.38.43.png)
Happy testing!
Platform SSO works as expected!