Endpoint Services, macOS Single Sign-On (SSO) Extension, Getting Connected

A guide to setting up the native Single Sign-On extension on macOS.

Affected Customers

University of Illinois faculty, staff, and students with the Single Sign-On Extension on their IT-managed Macs.

Actions

General Information

Apple's native single sign-on (SSO) extension helps keep Mac login passwords synced with the campus Active Directory, greatly reducing the incidence of keychain-related issues. Some campus IT Pros may choose to deploy the SSO extension to the Macs they manage. Because AD password syncing works only with local accounts, Apple recommends that existing mobile accounts be converted to local accounts. Mobile accounts using the SSO extension will still encounter keychain issues following campus password changes. Your unit IT Pro can assist with mobile-to-local account conversion.

Please note that macOS 10.15 (Catalina) is the earliest version of macOS on which the SSO extension is supported by Apple.

Getting Connected

Initial setup of the SSO extension requires the Mac to be on the campus wired or wireless network, or connected to the campus VPN from an off-campus network.

  • The first time you log in to the Mac after the SSO extension is installed, a sign-in dialogue will open automatically. Enter your netID in the Username field and your campus password in the Password field, and click the Sign In button.

    SSO sign-in


  • Click Yes when asked if you would like to automatically sign in from now on.

  • SSO auto signin

  • A new dialogue will ask for your Active Directory and Mac passwords, to verify that they match.

    SSO password verify

  • If the passwords don't match, the extension will sync them by changing your Mac password to match your Active Directory password.

    SSO synced

  • Note: some mobile hot spots may prevent the SSO extension from connecting due to mobile carrier policy.

Getting Reconnected

When you return from an offline or off-campus state to an on-campus state, the SSO extension should automatically reconnect, but if it does not, go to the key-shaped SSO icon in the top menu bar and select Reconnect.

SSO reconnect

Password Changes

After a campus password change, the SSO extension will notify you that you are signed in with incorrect credentials and prompt you for your current password.

The SSO menu offers a convenient Change Password menu option, which will open the NetID Center.

Getting Help

For questions about the SSO Extension, please consult your IT department.




Keywords:eps apple enterprise connect aec munki ws1 "apple enterprise connect" sso single sign sign-on extension   Doc ID:113047
Owner:EPS Distribution List .Group:University of Illinois Technology Services
Created:2021-08-13 12:42 CSTUpdated:2021-08-18 13:57 CST
Sites:University of Illinois Technology Services
Feedback:  0   0