In the podcast I did with Fraser Speirs from 2012 to 2017, I became very focused on making identity a central part of the IT management experience. This period fell during the ongoing transition from on-prem servers and services to SaaS, which was becoming the norm. Apple’s vision for enterprise single sign-on continued at WWDC 2022, so let’s take a look at what’s been announced in relation to SSO, identity providers (IdPs), and Apple’s identity vision for the enterprise.
About Apple@Work: Bradley Chambers managed an IT business network from 2009 to 2021. With experience deploying and managing firewalls, switches, a mobile device management system, enterprise-class Wi-Fi, hundreds of Macs and hundreds of iPads, Bradley will identify ways Apple IT managers deploy Apple devices, build networks to support them, and educate users, along with stories from the IT management trenches and ways Apple could improve its products for IT departments.
OAuth 2 support
In iOS and iPadOS 15, Apple used a simple access token authorization mechanism to allow the device management server to verify a user’s identity. In iOS and iPadOS 16, Apple takes it to the next level by adding OAuth 2 support. OAuth 2 support lets MDM servers work with the wide range of identity providers that already speak OAuth 2. Instead of building a custom integration for each one, MDM providers can use OAuth 2 with any identity provider that supports it.
Enrollment single sign-on
Enrollment single sign-on is a new way for personal devices to complete MDM enrollment and access enterprise apps and web SaaS platforms with a single authentication. Once a user downloads an app that is compatible with enrollment SSO, they can be automatically signed in with their Managed Apple ID, which is federated with Azure AD or Google Workspace. To use enrollment SSO, you need the following:
- An app configured to support SSO for enrollment
- An MDM solution that has been connected to an identity provider
- A Managed Apple ID created in Apple Business Manager (or Apple School Manager)
- An MDM server configured to return the information the app needs to authenticate the end user
Single sign-on at enrollment is not available at launch, but will be available in a future iOS 16 update.
Platform single sign-on
In macOS 13 Ventura, Platform Single Sign-On allows end users to sign in once at the macOS login window and then also be signed in to apps and websites that work with the identity provider used by the enterprise. An example of this would be logging in to macOS with Okta at the login window and automatically being logged in to Slack and Jira instances that use the same IdP. Apple said Platform SSO is the modern replacement for Active Directory binding (what a relief).
Summary of Apple’s identity vision
Apple announced some exciting things regarding its vision for identity at WWDC 2022. These announcements are just the beginning of that process, as MDM and IdP vendors will need to build in support as Apple releases this functionality later in the iOS 16 and macOS Ventura release cycles, but the vision is a compelling one for the future of identity in the workplace.