Skip to main content
Solved

Blank white window during platform single sign-on registration with Entra ID

  • April 10, 2026
  • 2 replies
  • 122 views
howie_isaacks
Forum|alt.badge.img+23

One of my users cannot register for platform single sign-on. She can complete step 1, which is to authenticate with her Mac login password.  Next, she can enter her email address. That’s when the process goes awry. After entering her email address, the window goes blank white. Behind it, we can see that Company Portal is doing something in the background. There’s the spinning progress icon. After seeing this, I removed and reinstalled Company Portal and ensured that the latest version was installed. She’s running macOS 26.3.1 and will have 26.4.1 soon since I just started enforcing that update. Has anyone seen this behavior and solved it? The PSSO login type used is Secure Enclave. We can’t do anything but cancel the registration.

 

Best answer by angelohuang

I haven’t seen that exact white-screen variant, but I have seen Platform SSO registration get weird when the macOS-side policy and the Entra expectations drift a bit, especially around Secure Enclave registration.

This Swif writeup is pretty close to the same flow and has a useful checklist for the Apple side of the config: Apple Platform SSO Policy.

I’d compare your Jamf payload and Entra settings against that, then retry after 26.4.1 lands. If Company Portal is still spinning behind a blank pane, I’d also grab Company Portal plus Enterprise SSO plug-in logs, because that usually points to the failing handoff better than the registration UI does.

    2 replies

    A
    Forum|alt.badge.img+3
    • angelohuang
    • New Contributor
    • Answer
    • April 10, 2026

    I haven’t seen that exact white-screen variant, but I have seen Platform SSO registration get weird when the macOS-side policy and the Entra expectations drift a bit, especially around Secure Enclave registration.

    This Swif writeup is pretty close to the same flow and has a useful checklist for the Apple side of the config: Apple Platform SSO Policy.

    I’d compare your Jamf payload and Entra settings against that, then retry after 26.4.1 lands. If Company Portal is still spinning behind a blank pane, I’d also grab Company Portal plus Enterprise SSO plug-in logs, because that usually points to the failing handoff better than the registration UI does.

      howie_isaacks
      Forum|alt.badge.img+23
      • howie_isaacks
      • Author
      • Esteemed Contributor
      • May 2, 2026

      I’m going to meet with the people in my company who have admin control over Entra ID and make sure that we’re all aligned. For the most part, platform single sign-on has worked well for us. That said, I have seen issues with password sync. Users find themselves unable to get back into their Mac after a restart using their new password. We have had to use the  FileVault recovery key to unlock the Mac to allow logging in. Once that is done, we can take steps to correct the password sync issue. This is why I am strongly pushing to move to using Secure Enclave. I deployed platform single sign-on last year using password sync because the SSO solution we used before synced the IdP password with the local login password. Users were used to that. Looking back I realize that I should have deployed Secure Enclave PSSO from the start. I have created a process to allow users to migrate over to Secure Enclave. I have made that process available in Self Service, but not available to everyone. If someone is having an issue with platform single sign-on using password sync, I scope the policy to their Mac so they can run it and make the switch to Secure Enclave. This has been working well. If Microsoft would get Company Portal updated to support enforcing PSSO during PreStage it would solve a lot of problems.

        Terms & ConditionsAccessibility statement