Authentication & Identity Integration
Single Sign-on for Apple users
Make authentication seamless
The Authentication & Identity Integration Services engagement delivered by Apple Professional Services (APS) can help your IT team integrate your Apple users into a single sign-on (SSO) based authentication environment. For Active Directory (AD) environments, this engagement simplifies the process of acquiring a Kerberos ticket-granting ticket (TGT) from your organization’s AD domain, allowing users to seamlessly authenticate to resources like websites, apps, and file servers.
Enable your users to access network resources easily
With Authentication & Identity Integration Services, you can help users easily access AD resources without binding to AD or calling IT for help. APS consultants can work with other identity management solutions that support SSO extensions in macOS, iOS, and iPadOS. And they can also help optimize your mobile device management (MDM) environment to support your SSO solution.
The Authentication & Identity Integration Services engagement includes:
Validating your MDM deployment settings
Configuring SSO extensions
Customizing device enrollment settings
Kerberos Single Sign-on
Automatically acquire and renew a Kerberos TGT.
Authenticate to Kerberos-enabled services.
Authenticatetofileshares,printqueues, and more.
Leverage local and/or AD mobile accounts.
Password Management (macOS and AD only)
Change your AD password directly or redirect to a web-based identity management system.
Display password requirements with live validation during password changes.
Sync Mac login password to AD password.
Notify users when passwords will expire via Notification Center.
Customization and Automation
On macOS, execute custom scripts at specific triggers:
Run a connection completed script to perform an action after every successful connection to AD.
Run password change scripts after users change an AD password.
Customize Apple device enrollment for MDM solutions that support customization.
Smart Card Support
Streamline Mac integration for CryptoTokenKit compatible smart cards.