I'm not sure if this functionality exists for MacOS, but it does for Chromebooks, and it's pretty amazing, so we'd like to leverage it for our iMac labs at the very least, and if it works there maybe go org-wide with it. The problem is I'm not sure what method to attack this problem with.
Currently our iMacs (like the rest of our Apple computers) are AD bound. Users log in with a mobile account, and use Enterprise Connect for password management.
I know that Macs support Kerb/SSO authentication, and also that Google's SecureLDAP can work for macOS as well, but what I really want is for the login screen to show me a Classlink login page so users can sign in with a QR code badge.
Since our Google accounts use Classlink as their IDP and show the splash page when you try to log into them via web browser, I started going down the rabbit hole of getting a test machine bound to Google Secure LDAP, thinking it might spawn a splash page for Classlink login. But now I'm realizing that mechanism probably won't happen.
I realize I'm sort of rambling here, but I'd be interested in anyone else's experience getting to an IDP login screen on MacOS where you can scan in using a badge, regardless of platform or mechanism.