In practice, the SSO platform is not ideal. It is designed for implementations of Byod and one by one where each user has their own MAC and does not match the directory service for Mac that support multiple users. Although widely employed, there may be situations in which it is not compative.
Although Apple provides limited administrator tools to use the SSO platform, third -party suppliers have created better implementations, including Jamf Connect, Kandji Passportand Simplemdm. These tools also simplify the support for multifactorial authentication and user access to a MAC, often replacing the standard macOS login window. But they also require another investment in cost, time and complexity.
Identity and MDM
The mobile device management (MDM) software interacts with business identities through Apple Business Manager. Once the MDM configuration is in place and is connected to Apple Business Manager, you can access users, devices and groups available for Apple Business Manager and use them to provide devices and manage configuration profiles; handle user account assignments; and send MDM commands. (The MDM service, not Apple commercial manager or any federated identity provider, stores the data required for these functions).
#Apple #Identity #Management #ins #outs
