Platform SSO

Question

We are testing the PSSO with the Secure Enclave method. 
When setting the Account Authorization Type as Standard in the PSSO configuration, we've observed that post-registration, Mac local user accounts with Admin access are downgraded to Standard user accounts.
Conversely, when utilizing Account Authorization Type as Admin in the PSSO configuration, we've noted that post-registration, Mac local user accounts with Standard access are elevated to Admin accounts.
wherein user accounts are not inadvertently changed from Admin to Standard or vice versa. any hints on this?

kylegilmore · Answer

We are looking into PSSO also and it looks like the key needed would be UserAuthorizationMode set to Groups then setting the required groups in the AdministratorGroups, AdditionalGroups, or AuthorizationGroups key. Don't beleive Group authorization is supported by all identity providers (know Entra only supports Standard and Admin at the moment), so will results may vary.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded