[email protected] is brought to you by Kolide, endpoint security for teams using Slack. Kolide notifies your team via Slack when their devices are unsecured and gives them step-by-step instructions on how to fix the issue. Achieve your compliance goals using the most powerful and untapped IT resource: end users. Try Kolide for free today.

One thing that has become abundantly clear over the past few years with Apple’s integrations at work is that Active Directory binding is dead and integration with identity providers is the future. While it’s not something I would have ever predicted a decade ago, Apple’s willingness to create APIs for other companies to manage the Mac sign-in experience shows that the company understands its role in the business. This week, I want to see why Apple’s corporate expansion will continue to mature as it focuses on deep integration with other platforms.

About [email protected]: Bradley Chambers managed a corporate IT network from 2009 to 2021. With his experience deploying and managing firewalls, switches, mobile device management system, Wi- Fi enterprise, hundreds of Macs and hundreds of iPads, Bradley will highlight the ways Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management and ways Apple could improve its products for IT departments.


If an IT administrator were to describe the ideal macOS login experience for their end users, it would look like this:

  • Turn on Mac
  • Log in to macOS using the company IdP
  • All web applications and local applications are connected using the IdP

We have been close to integration so far. First, you can integrate certain systems into the macOS login experience to avoid needing only local accounts. Then, SSO providers like Okta streamlined the app login process. Finally, with macOS Catalina and iOs 13, Apple launched its single sign-on extensions unlocking authentications for apps and services using the credentials it had established with its IdP. Even with the SSO extension, users had to log in twice: once to unlock the Mac and once for apps. IdP was also late on updating this extension. Apple’s corporate expansion, however, focuses on much deeper integration.

Platform single sign-on: a true SSO reality

At WWDC 2022, Apple is stepping up its efforts to streamline the SSO experience on macOS. While discussing “What’s New with Apple Device Management”, Apple discussed platform single sign-on. In macOS 13 Ventura, Platform Single Sign-On allows end users to sign in once to the macOS sign-in window and then sign in to corporate identity provider-enabled apps and websites. An example would be to login to macOS using Okta in the login window and automatically connect to a Slack and Jira instance that uses the same IdP. Apple said that Platform SSO is the modern replacement for Active Directory Binding (good riddance).

Apple Enterprise Expansion Focuses on Deep IdP Integration

Apple’s willingness to cede this experience to third parties indicates that Apple’s business expansion is focused on the integration instead of building everything yourself. Yesterday I spoke with someone about buying “all-in-one” solutions rather than buying best-in-class solutions and then integrating. His comment to me was that best-in-class solutions now have APIs and deep integrations out of the box. Businesses now understand that their customers have many systems and need them to communicate with each other. Apple’s focus on expanding its APIs and SSO integrations shows it wants to be a company that IT admins love to deploy, build and defend. The easier macOS is to integrate into the software and IdP solutions businesses use, the more Macs they can sell.

[email protected] is brought to you by Kolide, endpoint security for teams using Slack. Kolide notifies your team via Slack when their devices are unsecured and gives them step-by-step instructions on how to fix the issue. Achieve your compliance goals using the most powerful and untapped IT resource: end users. Try Kolide for free today.

FTC: We use revenue-generating automatic affiliate links. After.


Check out 9to5Mac on YouTube for more Apple news:

About The Author

Related Posts