Apple Enterprise Expansion through IdP integration

Apple @ Work is brought to you by Kolide, endpoint security for teams that Slack. Kolide notifies your team via Slack when their devices are insecure and gives them step-by-step instructions on how to solve the problem. Meet your compliance goals using the most powerful, untapped resource in IT: end-users. Try Kolide for free today.

One thing that became perfectly clear in the past few years with Apple’s integrations at work is Active Directory binding is dead, and integration with Identity Providers is the future. While it’s not something I would have ever predicted a decade ago, Apple’s willingness to create APIs for other companies to manage the Mac login experience shows the company understands its role in the enterprise. This week, I want to look at why Apple’s enterprise expansion is going to continue to mature as it focuses on deep integration with other platforms.

About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.


If an IT admin were to describe the ideal macOS login experience for their end users, it would look like this:

  • Turn on Mac
  • Sign in to macOS using company IdP
  • All web apps and local apps are logged in using IdP

We’ve come close to that integration so far. First, you can integrate some systems into the macOS login experience to avoid needing local-only accounts. Then SSO providers like Okta streamlined the process of logging into apps. Finally, with macOS Catalina and iOS 13, Apple debuted its single sign-on extensions, which unlocked authentication for apps and services using the credentials established with the IdP. Even with the SSO Extension, users had to log in twice: once to unlock the Mac and once for apps. IdPs were laggards on updating for this extension as well. Apple’s enterprise expansion is focused on much deeper integration, though.

Platform Single Sign-On: A true SSO reality

At WWDC 2022, Apple is doubling down on streamlining the SSO experience on macOS. While discussing ‘What’s New with Apple Device Management,’ Apple discussed Platform Single Sign-On. In macOS 13 Ventura, Platform Single Sign-On allows end users to sign in once at the macOS login window and then sign in to apps and websites that are compatible with the company’s identity provider. An example would be signing into macOS using Okta at the login window and automatically logging in to a Slack and Jira instance that uses the same IdP. Apple said Platform SSO is the modern replacement for Active Directory binding (good riddance).

Apple Enterprise Expansion is focused on deep IdP integration

Apple’s willingness to give up this experience to third parties indicates Apple’s enterprise expansion is focused on integration instead of building everything itself. I spoke with someone yesterday about buying “all-in-one” solutions vs. buying best-in-class solutions and then doing integration. His comment to me was that best-in-class solutions now have deep APIs and integrations out of the box. Companies now understand that their customers have many systems and need them to talk together. Apple’s focus on expanding its SSO APIs and integrations shows that it wants to be a company that IT administrators enjoy deploying, building with, and advocating for. The easier macOS is to integrate into the software and IdP solutions that companies use, the more Macs they can sell.
