Posted on 01-02-2025 01:32 PM
Our users have to authenticate about 3 times during enrollment.
1st to authenticate / start enrollment
2nd time to create local account
3rd time to authenticate to Zscaler
We use Entra as our IdP and everything is set up fine in Jamf Connect, as existing users are able to authenticate to Azure without issue. Is there a way to have the Mac store the SSO credentials so they can be passed to other apps during enrollment? We are using Device Compliance... finally got rid of Conditional Access... TIA

Posted on 01-02-2025 05:41 PM
- There is no way to pass your enrollment credentials to anything.
- If you are using Jamf Connect, the user must enter their IDP credentials.
- If you are using macOS's activation assistant you can precan the user name, but the user must still create a password on the device.
- You should be able to pass a ticket to Zscaler from PSSO or Jamf Connect for SSO. We use MFA and just prefill the UPN, and for security reasons make the user provide their password.
- Reach out to Zscaler, they have a fairly competent Mac support team. I'd wager they have the configuration profile handy to make SSO work.
There is no way to get this to fewer than 2 logins without disabling authentication for device enrollment.

Posted on 01-03-2025 03:48 AM
Thanks for the reply... makes sense for what I am trying to do... I am also playing with the pSSO for Entra, maybe I can make some headway with that...
