Got platform SSO working with Entra on 15 and now that 26 is out, trying to get registration during setup working. Keep getting the following error during setup:
Unable to Sign-In
The single sign-on extension could not validate the domain. Contact your administrator to help get single sign-on set up.
Same here, this is one of 2 search results for this error so hopefully we get clarification. I’ve opened Apple and Jamf tickets as well.
The response that I received from Jamf was that it’s not yet support by Azure or Okta.
https://www.jamf.com/blog/macos-26-platform-sso-simplified-setup/
Per their post:
Note: As of this writing, there are no publicly-shipping Platform SSO applications that support Simplified Setup for PSSO. We will update this blog once we learn more.
+11They said at JNUC Azure/Entra isn’t supported yet for “simple setup.”
The response that I received from Jamf was that it’s not yet support by Azure or Okta.
https://www.jamf.com/blog/macos-26-platform-sso-simplified-setup/
Per their post:
Note: As of this writing, there are no publicly-shipping Platform SSO applications that support Simplified Setup for PSSO. We will update this blog once we learn more.
well, they need to update their blog: https://iamse.blog/2025/10/16/farewell-complexity-platform-sso-simplified-setup-on-macos-26-powered-by-okta-and-jamf/
+15I was told by a Microsoft Entra engineer recently that Microsoft won’t be supporting a PSSO configuration during macOS Setup Assistant until at least January.
We eventually got this working with the help of both of these links, the most helpful was the JAMF link:
https://learn.jamf.com/en-US/bundle/technical-articles/page/Platform_SSO_for_Microsoft_Entra_ID.html
We started with a clone of the original Pre-Stage from the Jumpstart visit, which was tailored for the things were were doing in 2019 with AD binding and other functions Even though we followed every other step in the links, we had Registration failures. It wasn’t until we created a fresh Pre-Stage for our test Tahoe computers that we had success. And that Pre-Stage deploys the Company Profile package.
A.
+5It basically relies on the IdPs application being updated to support PSSO at enrollment and both Okta and Microsoft have been working on it. The idea being to just assign the config profile to the prestage, attach the IdPs app, like Company Portal and tick the box to do the simplified setup and give it the bundle identifier of the app e.g. com.microsoft.CompanyPortalMac
Okta is basically there and pretty close to release from what I understand but Entra isn’t quite ready yet and as others have suggested might not be for a couple more months.
Hope that helps.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
