PlatformID™ Apple's Platform SSO

From Studentnet Wiki
Jump to navigation Jump to search

Apple's Platform SSO: An independent status update

In a significant first for local innovation, Cloudwork® is proud to advise the availability of Cloudwork PlatformID™ v1 supporting Apple Mac's Extensible SSO and Platform SSO v1.

Schools planning their 2024 device management need to know more about the status and relevance of this announcement.

ApplePSSOArchitecture.jpg

Let's start with a quick re-cap:

Apple announced both Extensible SSO and Platform SSO v1 at their June, 2022 WWDC. The announcement stated:

  • Extensible SSO will allow seamless single sign-on for users, instead of separate sign-ons for device access, apps and websites.
  • Platform SSO allows school administrators to use identity provider (IdP) credentials to centrally manage passwords, permissions and group memberships.
  • To support these new features, Identity Providers needed to build an installable extension for the managed Mac devices.
  • At the time of announcement, very scant details or documentation were available to Identity Providers to build this new extension.
  • Cloudwork responded to these announcements by committing to providing support for both Extensible and Platform SSO.

In a significant first for local innovation, Cloudwork® is proud to advise the availability of Cloudwork® PlatformID™ v1 supporting Apple Mac's Extensible SSO and Platform SSO v1.

Using Jamf Pro as the Mobile Device Manager (MDM) and Cloudwork® as the Identity Provider we'd like to walk you through an end-to-end experience starting from a clean Mac moving on to password synchronisation and desktop and web sign-on integration. The walk through can be experienced via these four videos:

But the story does not end there.

At the June 2023 WWDC Apple announced the availability of Platform SSO v2, significantly enhancing its functional range and value:

  • Supports local accounts: Platform SSO is designed to be a modern replacement for binding to directory services.
  • Integrates into macOS: Platform SSO is integrated with macOS and doesn't use JavaScript or render webpages for authentication.
  • Creating users on demand: New local user accounts can be created on demand at the login window using IdP credentials.
  • Integrates IdP group membership with macOS: Mobile device management (MDM) configurable groups can be used to manage account permissions.
  • Enables the use of network accounts for Authorization: Groups can also be used to authorize network accounts.
  • Supports multiple authentication methods: Platform SSO supports many different authentication methods with an IdP.

Cloudwork® has built support for PlatformSSO v2 into Cloudwork's PlatformID™ feature.

Platform v2 is available for early release. A video demonstrating v2 in operation is available here Cloudwork PlatformID v2

There's a lot in this announcement.

Start your 2024 planning process now! Contact us to arrange a planning session to work through the best options for your school community.