What’s ahead for Identity Management and SSO on Apple Devices
Too many passwords, logins and compliance hoops stand between us and our work. Thankfully, Apple has announced new features to make this process much more streamlined. With companion apps like JAMF and OKTA installed, getting on your computer and securely accessing your apps will be a breeze.
Here is what’s new in the space:
What is Single Sign-on (SSO)?
Single Sign-on (SSO) enables users to access multiple applications with one set of credentials. Instead of having to remember separate usernames and passwords for each application, SSO lets users authenticate once with a single set of credentials, saving them time and making it easier to manage their accounts.
What is Identity Management?
Identity Management is a process of defining and managing how users access, use and interact with systems and services. Identity Management defines who can access what systems, when they can access them, as well as what specific data they are allowed to view or modify.
How the Original Single Sign-on Extension (SSOe) Works with Apple (Circa 2019)
In 2019 Apple introduced the SSO Extension (SSOe). This extension provides a great way for developers to allow users to log in to their app securely with credentials stored in a companion app like OKTA. The SSO Extension allows developers to extend the user login flow and add additional security measures such as two-factor authentication and identity verification. This authentication happens via a companion app on a per-application basis and is not tied to the main login of the computer.
What is the Platform Single Sign-on Extension (PSSOe) Coming in Ventura? (New in 2022)
Apple has announced a new Platform Single Sign-on Extension (PSSOe) for Ventura and later OS versions. This new feature is designed to provide the same secure user authentication as the original SSO Extension, but with enhanced security measures tailored specifically for the native login experience. PSSOe will add a layer of identity management on top of the application, allowing users to access multiple applications using one set of credentials. This will help streamline the user experience and make it much easier for users to securely manage their accounts. The authentication all happens at the login of the device and no longer requires re-authenticating. Imagine logging in to your device and using all your apps securely with no passwords needed.
Also new is Apple Enrollment Single Sign-on for BYOD:
Apple also announced a new form of SSO for BYOD users called Apple Enrollment Single Sign-on. This feature will allow you to quickly and securely onboard devices with an easy sign-in process. It will leverage the existing credentials stored on the device and link them with the user's cloud identity provider. This is the first time SSOe has been brought to mobile devices.
JAMF, OKTA and Apple, how authentication can be easier now:
The combination of JAMF, OKTA and Apple is making authentication easier for users. By leveraging the existing credentials stored on the device, you can provide users with a seamless sign-in experience no matter which app they are using. Apple’s new Platform SSO Extension will further enhance this experience by providing an additional layer of security and identity management on top of the user login process. The future is looking bright for making secure login and identity management usable for end users.
The goal is to make logging in easier, reduce password fatigue and strengthen security for users without sacrificing convenience. With these new features from Apple, identity management and SSOs are about to get a whole lot simpler.
Two great articles for more information are:
https://www.jamf.com/blog/wwdc-2022-sso-extension/
https://www.okta.com/oktane22/sessions/future-identity-and-sso-apple-devices/
If you love the idea of quickly accessing your apps without a password but don’t want to set up or manage all the required tools, we can help.