#!/bin/bash#Determine PSSO status of current console user logged in at
time of recon#Get current user logged in to devicecurrentUser=$(
/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F':
' '/[[:space:]]+Name[[:space:]]:/ { if ( ...
Configure Kerberos SSO for Microsoft Entra Platform Single Sign-On
Reference:
https://learn.microsoft.com/en-us/entra/identity/devices/device-join-macos-platform-single-sign-on-kerberos-configuration
The native Kerberos Single Sign-On (Kerberos SSO) ...
Updated 9 OCT 2024: NOTE: Okta Verify appears to have rolled back to
9.23.0 as the official release which is working in macOS 18.1 beta 6.
iOS SSOe support appears to be working in 9.24.1 with iOS 18.1 beta 6.
Limitations and Requirements Apple has m...
As I'm writing articles, I'll update this page with the latest articles:
Updated 23SEPT2024 What is Platform Single Sign-On - An overview of the
technology and how it works
https://community.jamf.com/t5/jamf-pro/what-is-platform-single-sign-on/td-p/3...
Troubleshooting steps Extensive trouble shooting steps are available
from Microsoft at:
https://learn.microsoft.com/en-us/entra/identity/devices/troubleshoot-mac-sso-extension-plugin
Removing PSSOe from a user account To force an update to a user acc...
This is specific to the Microsoft Entra ID implementation of PSSO and
even more specific than that, using the "Secure Enclave key"
authentication mode. In this specific mode, think of PSSO as an upgrade
to SSO you're using right now. Instead of a sec...
At this time, keys that are not explicitly called out to be set in the
configuration profile are not supported by Microsoft. For privilege
access management, I would highly recommend using a tool like Jamf
Connect or the SAP-Enterprise-Privileges app...
Nope, you’re not missing anything. Not every application will work with
single sign-on extensions. You should contact Microsoft for additional
support. With the Outlook ant Word apps you mentioned, the user should
still need to enter a user name, but...
Sorry for the delay – the wonders of the holiday season and vacation
time!The logs you are seeking are not going to be in JCC – you want to
check the logs in Okta instead. The error message you are seeing usually
occurs when there is a Security -> Gl...
You could, if you wanted to tempt fate, remove the attribute manually
via dscl . delete /Users/$USERNAME and the attributes. Personally, I'm
not sure of the utility of that. If you remove the PSSO config profile
from the device, the key is effectivel...
The man, the myth, the mohawk. Senior Consulting Engineer, Identity and Access Management. Often seen in an Airstream trailer performing extreme social distancing. Offers a strict SaaS model for delivery - Sarcasm as a Service.
