Apple Enterprise Expansion through IdP integration

Apple @ Work is brought to you by Kolide, endpoint security for teams using Slack. Kolide notifies your team via Slack when their devices are unsafe and gives them step-by-step instructions on how to fix the problem. Reach your compliance goals using the most powerful, untapped resource in IT: end users. Try Kolide for free today.

One thing that has become perfectly clear in recent years with Apple’s integrations at work is that Active Directory binding is dead and identity provider integration is the future. While not something I could have predicted a decade ago, Apple’s willingness to create APIs for other companies to manage the Mac login experience shows that the company understands its role in the business. This week I want to look at why Apple’s enterprise expansion will continue to evolve as it focuses on deep integration with other platforms.

About Apple @ Work: Bradley Chambers managed a corporate IT network from 2009 to 2021. Through his experience implementing and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, hundreds of Macs and hundreds of iPads, Bradley will highlight the ways Apple IT executives deploy Apple devices, build networks around them, support and train users, stories from the trenches of IT management, and ways Apple can improve its products for IT departments.


If an IT administrator were to describe the ideal macOS sign-in experience for their end users, it would look something like this:

  • Turn on Mac
  • Sign in to macOS with the company IdP
  • All web apps and local apps are signed in with the IdP

We have been getting closer to this level of integration. First, some systems could be integrated into the macOS sign-in experience so that you did not have to rely only on local accounts. Then SSO providers like Okta streamlined app login. Finally, with macOS Catalina and iOS 13, Apple introduced its single sign-on extensions, which unlocked authentication for apps and services using the credentials established with the IdP. Even with the SSO extension, users had to log in twice: once to unlock the Mac and once for apps. IdPs were also slow to update for this extension. However, Apple’s enterprise expansion is aimed at much deeper integration.

Platform Single Sign-On: A True SSO Reality

At WWDC 2022, Apple is doubling down on streamlining the SSO experience on macOS. In “What’s New in Apple Device Management,” Apple discussed Platform Single Sign-On. In macOS 13 Ventura, Platform Single Sign-On allows end users to sign in once at the macOS login window and then be signed in to apps and websites that are compatible with the company’s identity provider. An example is logging into macOS with Okta in the login window and automatically being logged into a Slack and Jira instance that uses the same IdP. Apple said Platform SSO is the modern replacement for Active Directory binding (cleaned up).

Apple Enterprise Expansion focuses on deep IdP integration

Apple’s willingness to relinquish this experience to third parties indicates that Apple’s enterprise expansion is focused on integration instead of building everything itself. I spoke to someone yesterday about buying “all-in-one” solutions versus buying the best solutions and then integrating them. His comment to me was that the best solutions now have deep APIs and integrations out of the box. Companies now understand that their customers have many systems and need them to talk to each other. Apple’s focus on expanding its SSO APIs and integrations shows that it wants to be a company that IT administrators love to deploy, build with, and advocate for. The easier macOS can be integrated into the software and IdP solutions that businesses use, the more Macs Apple can sell.
