The ins and outs of Apple identity management in the enterprise – Computerworld


In practice, Platform SSO is not ideal. It’s designed for BYOD and one-to-one deployments where each user has his or her own Mac, and it is not as good a fit as directory service binding for Macs that support multiple users. Although it is broadly employed, there may be situations where it isn’t supported.

While Apple provides limited administrator tools for using Platform SSO, third-party vendors have created better implementations, including Jamf Connect, Kandji Passport, and SimpleMDM. These tools also simplify support for multifactor authentication and user access to a Mac, often replacing the standard macOS login window. But they also require a further investment in cost, time and complexity.

Identity and MDM 

Mobile Device Management (MDM) software interacts with enterprise identities through Apple Business Manager. Once the MDM setup is in place and connected to Apple Business Manager, it can access users, devices and groups available to Apple Business Manager and use them to provision devices and manage configuration profiles; handle user account assignments; and send MDM commands. (The data required for these functions is stored by the MDM service, not Apple Business Manager or any federated identity provider.)

