Forum Discussion
Platform SSO for macOS not working
PatrickF11
I am running into the exact same issue where the prompt to register the device for platform SSO is not appearing.
Device is in Business Manager via the Apple Configurator app (iPhone). It has been synced to Intune just fine. All other Intune settings and apps apply fine.
When I look at the user account I see Platform Single Sign-on showing the Entra ID account and method of Secure Enclave key as per the profile settings I've used.
I see registration listed with a green dot and "registered". I see under Tokens "SSO tokens present".
But nothing is happening to prompt logging in to the device using the Entra ID. My test user account can only log into the local user account (admin) created via the Automated Device Enrollment process.
I've checked the profile for any leading/trailing spaces in the Extension Identifier field and all others.
I don't know what else to do at this point.
- DanEngelsmeier, Aug 21, 2024 (Brass Contributor): No luck. I still do not get the specific popup and it seems like it is registered fine. But there is only the one local account and the pw for that is not synced with Entra.
- cblascobon, Aug 22, 2024 (Copper Contributor):
First of all, thanks to PatrickF11 for the URL solution.
Hello,
After a week of dealing with the password synchronization issue on the local macOS account, I found the solution to have the Mac sync the ID password. I modified the following parameter:
Authentication Method: UserSecureEnclaveKey to Password
After changing the option on the Mac, I went to:
Users & Groups > Network Account Server and clicked on Repair to re-register the device. Then, the notification appeared, and I registered the password synchronization. Now, it is synchronized correctly.
- PatrickF11, Aug 26, 2024 (MCT): Thanks for your posting. But we need to make clear that there is a huge difference in using "Password" or "Secure Enclave Mode".
In my understanding:
Password is only a thing to make the user experience a little better by keeping the Entra ID and the local password in sync, so the user only needs to remember one password.
Secure Enclave instead is a feature like Windows Hello for Business, so some kind of passwordless authentication which is respected by Entra MFA.
Are there any other thoughts regarding my estimation?