Recently, I was asked to implement Platform SSO for macOS devices that work together with Microsoft Intune.
As we know, Microsoft is working on this, and the progress can be checked on this page: In development – Microsoft Intune | Microsoft Learn
IMPORTANT UPDATE
I made a mistake in the Team Identifier. It is now correct in the post. Please be aware of this change.
I’m sorry for my mistake.
But it is already working properly, and in this post I will show you how to implement that feature!
The first requirement is to deploy the proper version of Company Portal. You can do that via the package or via the… script. For me, the option with the script works perfectly, and it is always the latest version with auto-update enabled.
If you want to read more about this script – you can check this link to see how to implement it:
When Company Portal is configured, you need to configure a proper Settings Catalog profile with these options:
Section | Setting/Option |
---|---|
Authentication | |
Extensible Single Sign On (SSO) | Configure an app extension that enables single sign-on (SSO) for devices. |
Authentication Method (Deprecated) | Password |
Screen Locked Behavior | Do Not Handle |
Registration Token | {{DEVICEREGISTRATION}} |
Platform SSO | |
Account Display Name | Your display Name |
Authentication Method | Password |
Enable Authorization | Enabled |
Enable Create User at Login | Enabled |
New User Authorization Mode | Standard |
Use Shared Device Keys | Enabled |
User Authorization Mode | Standard |
Team Identifier | UBF8T346G9 |
Extension Identifier | com.microsoft.CompanyPortalMac.ssoextension |
Type | Redirect |
URLs | https://login.microsoftonline.com https://login.microsoft.com https://sts.windows.net https://login.partner.microsoftonline.cn https://login.chinacloudapi.cn https://login.microsoftonline.us https://login-us.microsoftonline.com |
These settings work fine for me.
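
To catch a wrong value, such as a mistyped Team Identifier, before the profile is assigned, the table above can be checked mechanically. This is an added example, not part of the original post or of Microsoft's tooling: it assumes the settings are available as an unsigned .mobileconfig-style plist using Apple's `com.apple.extensiblesso` payload key names, and `check_profile` and `sample_profile` are hypothetical helpers working on a constructed sample.

```python
import plistlib

# Expected values from the table in this post; key names are assumed to be Apple's payload keys.
EXPECTED = {
    "TeamIdentifier": "UBF8T346G9",
    "ExtensionIdentifier": "com.microsoft.CompanyPortalMac.ssoextension",
    "Type": "Redirect",
    "ScreenLockedBehavior": "DoNotHandle",
}
EXPECTED_PSSO = {
    "AuthenticationMethod": "Password",
    "EnableAuthorization": True,
    "EnableCreateUserAtLogin": True,
    "NewUserAuthorizationMode": "Standard",
    "UseSharedDeviceKeys": True,
    "UserAuthorizationMode": "Standard",
}
EXPECTED_URLS = {
    "https://login.microsoftonline.com", "https://login.microsoft.com",
    "https://sts.windows.net", "https://login.partner.microsoftonline.cn",
    "https://login.chinacloudapi.cn", "https://login.microsoftonline.us",
    "https://login-us.microsoftonline.com",
}

def check_profile(data: bytes) -> list:
    """Return the mismatches between an unsigned profile plist and the table."""
    profile = plistlib.loads(data)
    sso = [p for p in profile.get("PayloadContent", [])
           if p.get("PayloadType") == "com.apple.extensiblesso"]
    if not sso:
        return ["no com.apple.extensiblesso payload found"]
    payload, problems = sso[0], []
    for key, want in EXPECTED.items():
        if payload.get(key) != want:
            problems.append(f"{key}: expected {want!r}, found {payload.get(key)!r}")
    psso = payload.get("PlatformSSO", {})
    for key, want in EXPECTED_PSSO.items():
        if psso.get(key) != want:
            problems.append(f"PlatformSSO.{key}: expected {want!r}, found {psso.get(key)!r}")
    missing = EXPECTED_URLS - {u.rstrip("/") for u in payload.get("URLs", [])}
    problems += [f"URLs: missing {u}" for u in sorted(missing)]
    return problems

def sample_profile(team_id: str) -> bytes:
    """Constructed sample profile (not exported from a real tenant)."""
    payload = dict(EXPECTED, PayloadType="com.apple.extensiblesso",
                   TeamIdentifier=team_id, URLs=sorted(EXPECTED_URLS),
                   PlatformSSO=dict(EXPECTED_PSSO, AccountDisplayName="Example"))
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})
```

An empty list from `check_profile` means every checked key matches the table; the `{{DEVICEREGISTRATION}}` token is not checked because Intune substitutes it at delivery.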
Now you need to assign that configuration profile to the ADE devices… and wait for the popup on the end-user device. Sometimes the user needs to open the Company Portal application, and then the popup appears.
The next step is to select the proper account:
Wait for the next steps…
Provide a password for the Entra ID account:
And finally, the end user should see this:
Happy testing!
Platform SSO works as expected!