Apple identity: Enrollment SSO and Platform SSO


On the podcast I did from 2012 to 2017 with Fraser Speirs, I became very focused on identity becoming a central part of the IT management experience. This period coincided with the continued transition from on-premises servers and services to SaaS becoming the default. Apple’s vision for enterprise single sign-on continued its march with WWDC 2022, so let’s take a look at what was announced regarding SSO, IdP and Apple’s identity vision for the enterprise.

About Apple @ Work: Bradley Chambers managed a corporate IT network from 2009 to 2021. With his experience deploying and managing firewalls, switches, a mobile device management system, company Wi-Fi, hundreds of Macs and hundreds of iPads, Bradley will highlight the ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


OAuth 2 support

In iOS and iPadOS 15, Apple used a simple access token authorization mechanism to allow the device management server to verify a user’s identity. In iOS and iPadOS 16, Apple is taking it to the next level by adding support for OAuth 2. Support for OAuth 2 will allow MDM servers to support a wider variety of identity providers already compatible with OAuth 2. Instead of building a custom integration, MDM vendors can leverage OAuth 2 for any vendor that supports it.

Enrollment single sign-on

Single sign-on for enrollment (Enrollment SSO) is a new method for personal devices to perform MDM enrollment and access enterprise applications and SaaS web platforms with single sign-on. After downloading an app that supports Enrollment SSO, a user can be automatically signed in with their Managed Apple ID that’s synced with Azure AD or Google Workspace. To use Enrollment SSO, you will need:

  • An application that has been configured to support Enrollment SSO
  • MDM solution federated with an identity provider
  • Managed Apple ID created in Apple Business Manager (or Apple School Manager)
  • An MDM server that has been configured to return the information the application needs to authenticate the end user

Enrollment SSO won’t be available at launch, but will come in a later update to iOS 16.

Platform single sign-on


In macOS 13 Ventura, platform single sign-on allows end users to log in once to the macOS login window and then also be logged in to apps and websites compatible with the identity provider used by the company. An example here would be logging into macOS using Okta in the login window and then automatically being logged into a Slack and Jira instance that uses the same IdP. Apple has stated that Platform SSO is the modern replacement for Active Directory binding (good riddance).

Summary of Apple’s Identity Vision

Apple announced some exciting things at WWDC 2022 regarding its vision for identity. These announcements are just the start of that process, as MDM and IdP vendors will need to integrate support as Apple releases this feature later in the iOS 16 and macOS Ventura release cycles, but the vision is indeed a compelling one for the future of identity in the workplace.
