Question

Password Synchronization & ADFS Single Sign-On Issues (Platform SSO + Kerberos SSO Extension)

  • November 5, 2025
  • 0 replies
  • 51 views


Hi everyone,

We’re currently testing Platform SSO (Secure Enclave) in combination with the Kerberos Single Sign-On Extension on our Macs (managed via Jamf Pro).

Since enabling Platform SSO, we’ve encountered issues with password synchronization as well as Single Sign-On authentication for ADFS-based web applications.

 

As soon as Platform SSO is enabled, users receive the following prompt either after some time or following a reboot:

Password Synchronization
Verify your Active Directory and Mac passwords. If they do not match, your Mac password will be synced.

 

The passwords are identical (local macOS login = AD password). However, this prompt appears repeatedly — and only when Platform SSO is active.

 

Additionally, our ADFS-based web applications (intranet portals, internal sites) no longer perform automatic Single Sign-On once Platform SSO is active.

I’ve tested this behavior in multiple browsers (Safari, Chrome, Edge, and Firefox), and in all cases, users are prompted to sign in manually.

When Platform SSO is disabled, Kerberos/ADFS Single Sign-On works perfectly again.

 

Has anyone else experienced the same behavior or found a working solution to run Platform SSO and the Kerberos Single Sign-On Extension together without:

  • macOS repeatedly triggering the password synchronization prompt, and

  • ADFS WebApps losing Kerberos/Single Sign-On functionality?

Any insights, configuration tips, or best practices would be greatly appreciated!

 

Thank you 🙏