Workspace ONE Access supports Platform SSO for Apple macOS
Last updated 10/29/2025
Technology vendors spend a great deal of time and money making their products simpler and easier to use. Engineers spend countless hours removing points of user frustration, because even a little extra usability can create a significant advantage in the market. One such source of frustration is the need to remember, store and manage a horde of passwords just to function in one's daily job.
Omnissa Workspace ONE alleviates much of the frustration of password proliferation with single sign-on (SSO) capabilities. Workspace ONE and Intelligent Hub provide secure, single-click login to all types of applications without the need to remember separate usernames and passwords. But even this SSO functionality is limited in scope, and organizations have historically paid for third-party add-ons to extend the reach of SSO to local Mac devices.
Apple Platform SSO
For macOS devices, administrators were forced to create local accounts or pay for third-party tools to deliver SSO. To address this, Apple introduced Platform SSO, a modern framework that enables users to sign in to their Mac using their corporate Identity Provider (IdP) credentials and enables single sign-on to applications protected by the IdP. Signing in this way unlocks the user's local Mac account and seamlessly authenticates them to a wide array of applications, websites, virtual desktops and services that are federated with the same IdP.
Workspace ONE UEM 23.10 introduced support for IT admins to configure Sonoma-based Macs with Platform SSO through integration with IdPs such as Okta and Entra ID.
Introducing Platform SSO with Workspace ONE
We are now introducing support for Workspace ONE UEM to configure Platform SSO using Omnissa Access as an IdP and identity broker. IT admins can now allow Omnissa Access users to log in to their Mac devices using their IdP credentials.
Admins use Workspace ONE UEM to configure and manage Platform SSO, deploying the necessary profiles and settings to Macs. Platform SSO extends single sign-on directly to the macOS login, meaning the user's IdP password is kept synchronized with their Mac password. It can facilitate the creation of local macOS user accounts directly from the IdP, and it can also synchronize IdP password policies and enforce them on the local password.
How it works: Platform SSO + Intelligent Hub + Omnissa Access
Platform SSO is delivered through the Apple SSO Extension, which allows the creation of app extensions that integrate with the OS to provide SSO capabilities. Workspace ONE Intelligent Hub bundles the SSO extension that enables identity integration into macOS devices.
During registration, the SSO Extension redirects authentication to Omnissa Access, which prompts the user to authenticate and allows them to log in to the macOS device. Platform SSO with Omnissa Access also supports Access functioning as an identity broker, enabling users from third-party IdPs integrated with Omnissa Access to authenticate. This is achieved through an OIDC password grant flow configured between Access and the third-party identity provider, allowing federated authentication between IdPs using passwords. Most major identity providers, such as Ping, Okta, OneLogin and Google Workspace, are supported in this integration.
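The password grant mentioned above is the OAuth 2.0 resource owner password credentials grant (RFC 6749, section 4.3). The following sketch is an added example, not Omnissa or Apple code: it simulates both sides of that exchange, a broker building the token request and an IdP token endpoint validating it. The client ID, secret, user and password are constructed values, and the in-memory IdP is an assumption made so the example runs offline.

```python
# Added illustration of the OAuth 2.0 password grant (RFC 6749 section 4.3).
# All identifiers and credentials below are constructed sample values.
import base64, hmac, secrets
from urllib.parse import parse_qs, urlencode

IDP_USERS = {"alice@example.com": "correct horse"}   # constructed IdP directory
IDP_CLIENTS = {"broker-client": "broker-secret"}     # constructed client registration

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def build_token_request(client_id, client_secret, username, password):
    """Broker side: HTTP Basic client authentication plus a form-encoded body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": "openid"})
    return headers, body

def idp_token_endpoint(headers, body):
    """IdP side (simulated): authenticate the client first, then the user."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    try:
        cid, _, csecret = base64.b64decode(value).decode().partition(":")
    except ValueError:
        return 401, {"error": "invalid_client"}
    expected = IDP_CLIENTS.get(cid)
    if scheme != "Basic" or expected is None or not _same(expected, csecret):
        return 401, {"error": "invalid_client"}
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    stored = IDP_USERS.get(form.get("username", ""))
    if stored is None or not _same(stored, form.get("password", "")):
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer",
                 "expires_in": 3600, "scope": form.get("scope", "")}

if __name__ == "__main__":
    h, b = build_token_request("broker-client", "broker-secret",
                               "alice@example.com", "correct horse")
    print(b)                          # the user's password is in the request body
    print(idp_token_endpoint(h, b)[0])
```

In this grant the broker handles the user's cleartext password and forwards it in the request body, so the token endpoint must only be reached over TLS and the client secret must be protected like any other credential.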
Conclusion
Platform SSO with Workspace ONE UEM and Omnissa Access marks a major milestone in macOS user management. The solution makes third-party add-ons unnecessary, saving organizations money while improving security posture.