Omnissa Workspace ONE UEM streamlines user log-in experience on Apple macOS with Platform SSO and Okta

One key component that helps drive positive employee experiences is ease of use. Yet for years organizations have forced their workers to remember multiple credentials for devices, intranets, and applications. For employees, remembering myriad passwords is a source of frustration and a situation that can lead to a slew of IT tickets. Users must search for their saved passwords, and they often get locked out of networks and applications. It is an old problem that puts a damper on productivity and uses up valuable IT support staff cycles. 

Workspace ONE has long delivered an exceptional single sign-on (SSO) experience for applications that helps solve a big part of the problem. Employees can use their corporate credentials to log in to applications without having to remember separate usernames and passwords. 

However, on Apple macOS, users have historically needed a separate local user account to log in to their device, and IT admins were forced to leverage costly add-ons or third-party solutions to manage macOS local user accounts. In macOS Sonoma, Apple eliminated the need for additional solutions like Jamf Connect when they introduced Platform Single Sign-On (Platform SSO) to allow users to log in to a Mac with their centrally managed corporate credentials. 

Seamless user experience with Workspace ONE and Platform SSO

Omnissa Workspace ONE^® already provides a seamless zero-touch enrollment, onboarding, and application SSO experience. With Platform SSO, Workspace ONE UEM can eliminate the pain of managing macOS local user accounts and multiple user credentials. 

Workspace ONE can be used to configure Platform SSO for macOS during enrollment so users can log in with their corporate credentials instead of a local account. Platform SSO integrates with the organization’s chosen identity provider (IdP) to sync a user’s corporate credentials with a macOS user account.  

Workspace ONE + Okta

In Workspace ONE UEM 23.10, we introduced the Platform SSO profile keys that allow IT admins to configure Sonoma-based Macs with Platform SSO and Okta. Platform SSO is configured from the Workspace ONE console by assigning a macOS profile to a group of devices. The SSO profile offers all the Platform SSO configuration keys required to integrate with Okta.  

Apple’s Platform SSO feature requires third-party IdPs to support the authentication protocol, and Okta was the first IdP to implement support. Okta has adopted Apple’s Platform SSO in a feature within their platform called Desktop Password Sync, which is part of their Device Access offering.  

Okta Device Access allows end users to authenticate into their Macs using their Okta credentials — directly on the macOS login screen via Platform SSO. For more information on Okta’s support for Platform SSO, see this blog.  

How to get started with Workspace ONE UEM, Okta, and macOS Platform SSO 

Using Workspace ONE UEM, Okta Device Access offering, Desktop Password Sync, and Okta Verify, IT admins can provide seamless access to macOS devices and applications.  

We have released a Workspace ONE UEM operational tutorial to guide you through setting up macOS Platform SSO using Okta and Workspace ONE UEM. You will need Workspace ONE UEM 23.10 and the macOS Data-Driven UI (DDUI) feature flag enabled to access Platform SSO settings. View this detailed tutorial to get started setting up your Platform SSO within Workspace ONE.