Forum Discussion
Platform SSO - MacOS Authorization Groups and Additional Groups
Working with Platform SSO...all is well for the most part. Has there been any advancements or continued development for Authorization Groups and Additional Groups? The ability to leverage these groups, IMO, is critical. I do have some scripts granting some general authorizations to users on a device (time, print, network), but leveraging groups to manage authorizations/ permissions with a diverse group of users and needs is the way.
1 Reply
Hi gfrizzzy,
To the best of my knowledge, there have been no major updates or expanded functionality for Authorisation Groups or Additional Groups in Platform SSO since Apple introduced them with macOS 14 (Sonoma).
Most administrators use one of these methods:- Use MDM-level configuration profiles or scripts to manage permissions, such as granting network or print preferences via the security authorisation database or installation scripts.
- Platform SSO with Administrator Groups only, combined with local policies for everything else.
- They use custom launch or provisioning scripts. These scripts read group claims from the IdP. They also manually apply local group membership after login.
Until Apple enhances group-based functionality in future macOS releases, this approach remains the most reliable way to handle permissions and authorisations for diverse user groups.
