Forum Discussion

PatrickF11's avatar
PatrickF11
Steel Contributor
May 24, 2024

Platform SSO for macOS not working

(Update after long troubleshooting: the two main issues until now were: Leading and/or trailing spaces in the configs > They lead to visible and unvisible errors! When using in europe you need to re...
Intune
macos
Mobile Device Management (MDM)
Platform SSO
PSSO
RussMeyer-Epik's avatar
RussMeyer-Epik
Copper Contributor
Jul 05, 2024

having the same issue, granted its not going through apple business manager...sonoma 14.5 and fully enrolled, just no alert to finish it...company portal is now "register your mac using your work or school account", but again no alert...one part not done per the doc is the apple business manager

  • Kishoth_P's avatar
    Kishoth_P
    Copper Contributor
    Jul 06, 2024

    RussMeyer-Epik & PatrickF11 
    Hi Patrick & Russ, 

     

    I saw your post regarding Platform SSO configuration and would like to understand in detail on the current status and what is the exact error you are receiving?

    Were you able to completely test the end to end workflow of PSSO?
    Were you able to sync your Azure Entra ID password to the local account you created?

    Background(I have implemented PSSO successfully in my organisation with the desired results of the pop-ups leading to successful password sync and registration. Hence please share me your current test case results by which I can share you the guide or necessary screenshots to resolve your issue.
    Looking forward to hearing from you....

     

    Regards,

    Kishoth P 

    • PatrickF11's avatar
      PatrickF11
      Steel Contributor
      Jul 09, 2024

      Hey Kishoth_PPlatformer , RussMeyer-Epik  thanks for participating in this topic. 🙂

      What should i outline?

      • The current configuration of mine is already screenshoted in this thread, a few posts above yours. I've attached the current settings catalog screenshot again at the end of this post.
      • The company portal now gets installed correctly after removing all the app bundle ids except from the main one (Screenshot attached below)(Kudos to Platformer). Currently i don't think this has anything to do with the main issue that PSSO isn't working (But i really don't know why MS doesn't describe the issue with the bundle-IDs in their docs?! Every administrator following the ms docs should have 100% errors in deploying company portal app to macOS)
      • The "registration required" PopUp (Screenshot attached below) isn't showing up to complete the process, so: No, PSSO isn't working at all. The only way of logging in to the system is with the one local account with the initial set local password.

       

      Platformer I can recreate the error in your screenshot as you mentioned (Settings \ Passwords \ PW options \. ..). So we're both in the exact same situation. Great, isn't it? 😉

       

      What do you mean with minimum authorization in your entra id? What i can tell regarding my environment: We're using cloud-only identities, no on-premises active directory. I don't think your're having issues with the entra id accounts. Of course you should use entra id connect for example to sync your on-prem identities to azure-ad / entra id so you're working with "one account" and not with two seperate ones for on-prem auth and cloud auth.

       

      RussMeyer-Epik: Thanks for your information. But others than yours, mine (and i think the one from Platformer too) is configured via Apple Business Manager (Automated Device Enrollment).

      But: Where are trailing spaces? Every time i copy & paste something i check twice if there are trailing or leading spaces, so i can guarantee, there are no wrong spaces in my configuration.

       

       

      Current settings catalog for platform sso:

      Company Portal Installation:

      Missing pop-up "registration required"

       

      • RussMeyer-Epik's avatar
        RussMeyer-Epik
        Copper Contributor
        Jul 09, 2024
        PatrickF11 - it was on the Extension Identifier...one thing I see missing is the Token to User mapping, granted that is only needed for Apple Business integration so that it builds the local account on OOBE...since my enrollment was not include Apple Business, the company portal was a direct install vice intune (working on getting apple business online for future devices)
    • RussMeyer-Epik's avatar
      RussMeyer-Epik
      Copper Contributor
      Jul 06, 2024

      Kishoth, I just dont get the popup to finish registration...from what I read that is the only way to kick it off...the rest of intune and profile is good...in the intune config profile I have set to password...give me a bit and I can upload the config profile...but since Apple Business Manager is not in the loop, this is manual enrollment via company portal

       

       

      • RussMeyer-Epik's avatar
        RussMeyer-Epik
        Copper Contributor
        Jul 06, 2024
        Configure an app extension that enables single sign-on (SSO) for devices.
        Screen Locked Behavior
         
        Do Not Handle
        Registration Token
         
        {{DEVICEREGISTRATION}}
        Platform SSO
         
         
        Authentication Method
         
        Password
        Token To User Mapping
         
         
        Account Name
         
        preferred_username
        Full Name
         
        name
        Use Shared Device Keys
         
        Enabled
        Team Identifier
         
        UBF8T346G9
        Extension Identifier
         
        com.microsoft.CompanyPortalMac.ssoextension

Resources