I’ve tried testing a few times with Tahoe Beta and now Release and can’t get a Platform SSO to trigger an account creation. I’ve tried just scoping profiles to target workstations, adding the profile as well as adding the profile to my Pre-stage. What am I missing? PSSO works great once an account is created, however I can’t get the Tahoe specific options to occur.
After the Mac receives this updated profile, the next time a new user attempts to log in via Platform SSO, the system will not only authenticate them with your IdP but will also proceed to create their local account, solving the issue you've been experiencing.
That may be correct, however it doesn't address the party-piece Apple added for macOS Tahoe:
Activate and enforce Platform SSO during Automated Device Enrollment to authenticate the enrollment, sign in with a Managed Apple Account, and create a local user.
What you described is not the ABM process.
It’s not triggering because it requires changes on the IDP’s side of things that are not available yet.
Note: As of this writing, there are no publicly-shipping Platform SSO applications that support Simplified Setup for PSSO. We will update this blog once we learn more.
https://www.jamf.com/blog/macos-26-platform-sso-simplified-setup/
Patience is a virtue - if I'd just waited I'd probably have seen that article before posting. Thanks for the heads-up.
I’m waiting to start testing both of these features. I was hopeful that I could during macOS Tahoe beta but it hasn’t happened.
Along with Authenticated Guest Mode is the ability to use NFC-based Access Keys (stored in Apple Wallet on iPhone) to “tap to login” on a Mac with IdP credentials. This workflow can be paired with Authenticated Guest Mode for temporary users on a Mac.