Platform SSO + PSE

pchrichard
Contributor

We've trialled Platform SSO fairly successfully; I'd like to use this more broadly, but with a user-friendly workflow which follows enrolment.

Using PreStage enrolment with SSO for account creation, only to then follow a separate process with Company Portal to register the Mac in Intune and complete the user integration, seems a bit odd, to a degree a duplicate step. Has anyone developed a smooth workflow with Platform SSO integration and PSE?


AJPinto
Honored Contributor III

Unfortunately, there is not much that can be done. Even Windows devices with Autopilot have several logins users need to perform to fully set up and enroll their devices.

  • Logging in to enroll the device authenticates against the Jamf console (via Okta, Entra, whatever), and no tokens are created that can be passed to anything. You can technically pass the same username used to enroll in MDM to Setup Assistant as the first account's username, but the user must still create a password, which does not have to match the IdP password.
  • Entra registration is a mess as it's functionally user-based and not device-based, so there is no way to enroll a device without user credentials being entered.

Shyamsundar
Contributor III

Yes, with Platform SSO we first need to register the device from the notification, and if you are using Device Compliance we need to run Register again from Self Service to send the compliance state to Entra.
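For anyone who wants to scope that second Register step only to Macs that still need it, here is an added example (not posted by anyone in this thread, and not Jamf's or Microsoft's code): a Jamf Extension Attribute script that reads `app-sso platform -s` and reports whether device and user Platform SSO registration have completed. It assumes the output has "Device Configuration:" and "User Configuration:" sections containing JSON with a "registrationCompleted" key, as seen on recent macOS builds; the section names, the key, and the "device=... user=..." result strings are assumptions to verify against your own machines.

```shell
#!/bin/bash
# Added example, not from the thread: Jamf Extension Attribute reporting
# Platform SSO registration state for the device and the console user.
#
# Assumptions (verify on your macOS build): `app-sso platform -s` prints
# "Device Configuration:" and "User Configuration:" sections whose JSON
# contains a "registrationCompleted" key. The result strings are our own.

# section_state SECTION_TEXT -> "registered", "not registered" or "unknown"
section_state() {
    local text="$1"
    if printf '%s\n' "$text" | grep -Eq '"registrationCompleted"[[:space:]]*:[[:space:]]*true'; then
        echo "registered"
    elif printf '%s\n' "$text" | grep -Eq '"registrationCompleted"[[:space:]]*:[[:space:]]*false'; then
        echo "not registered"
    else
        echo "unknown"
    fi
}

# extract_section NAME FULL_OUTPUT -> the lines between the "NAME:" header and
# the next top-level header such as "Login Configuration:" or "SSO Tokens:".
extract_section() {
    local name="$1" output="$2"
    printf '%s\n' "$output" | awk -v hdr="$name:" '
        $0 == hdr { inside = 1; next }
        /^[A-Za-z ]+:$/ { if (inside) exit }
        inside { print }
    '
}

# psso_summary FULL_OUTPUT -> one-line value used as the EA result, e.g.
# "device=registered user=not registered"
psso_summary() {
    local output="$1"
    local dev usr
    dev=$(section_state "$(extract_section "Device Configuration" "$output")")
    usr=$(section_state "$(extract_section "User Configuration" "$output")")
    echo "device=$dev user=$usr"
}

# Live run only where app-sso exists (a Mac). The user section reflects the
# console user's registration, so the command runs in that user's context.
if command -v app-sso >/dev/null 2>&1; then
    console_user=$(stat -f '%Su' /dev/console)
    raw=$(launchctl asuser "$(id -u "$console_user")" sudo -u "$console_user" \
          app-sso platform -s 2>/dev/null || true)
    echo "<result>$(psso_summary "$raw")</result>"
fi
```

Scope the Self Service Register policy to a smart group where this EA is not "device=registered user=registered"; a Mac reporting "unknown" for both usually has no Platform SSO profile at all, which is a different problem from a user who has simply not completed registration yet.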