Limitations and Requirements Apple has made two revisions to the PSSOe
framework. V1 allowed for Password authentication and can be used with
macOS Ventura and greater. V2 added functionality for authentication
with PSSOe to include SmartCard and Sec...
As I'm writing articles, I'll update this page with the latest articles:
What is Platform Single Sign-On - An overview of the technology and how
it works
https://community.jamf.com/t5/jamf-pro/what-is-platform-single-sign-on/td-p/320251
Configure PSS...
Troubleshooting steps Extensive trouble shooting steps are available
from Microsoft at:
https://learn.microsoft.com/en-us/entra/identity/devices/troubleshoot-mac-sso-extension-plugin
Removing PSSOe from a user account To force an update to a user acc...
End User Experience Reference:
https://learn.microsoft.com/en-us/mem/intune/configuration/use-enterprise-sso-plug-in-macos-with-intune?tabs=prereq-jamf-pro%2Ccreate-profile-jamf-pro#end-user-experience
Secure Enclave After the configuration profile f...
Current Public Preview Limitations What is Public Preview As of 15 JUL
2024, Microsoft Entra ID support for Platform Single Sign-On extension
(PSSOe) is currently in Public Preview. As such, supported features and
deployment information is subject to...
Yes, Michael Epping and Mark Morowczynski will be back at JNUC this year
and we'll be presenting this information as well as the extremely
helpful technical security background behind PSSOe. Also recommend
watching the Penn State University MacAdmins...
For anyone following this topic, we have some remediation documented at
https://www.jamf.com/blog/entra-id-platform-sso-device-compliance/ [link
updated 4APR2024]
Scroll back up in the article and search for the phrase “With Identity
Engine and Jamf Connect as a Custom OIDC app, create a security policy
that:” and you’ll find the documented global session policy and
authentication policies.It sounds like you’r...
https://github.com/jamf/jamfconnect/tree/main/azure_conditional_access
has the current guidance (just substitute "Entra ID" for anytime I say
"Azure." Create the custom security attribute. Apply the custom security
attribute as an "exception" to any ...
The man, the myth, the mohawk. Senior Consulting Engineer, Identity and Access Management. Often seen in an Airstream trailer performing extreme social distancing. Offers a strict SaaS model for delivery - Sarcasm as a Service.