Thanks for being a part of WWDC25!

How did we do? We’d love to know your thoughts on this year’s conference. Take the survey here

Seeking Guidance for Implementing Platform SSO

App & System Services Core OS
skappdevloper
skappdevloper OP
Created Feb ’24
Replies 3
Boosts 0
Views 852
Participants 3

Hello everyone,

I'm currently in the process of implementing platform SSO (Single Sign-On) in macOS and could use some guidance. I find myself a bit confused during the device registration phase, particularly because my Identity Provider (IdP) needs to support it. I'm wondering if Platform SSO will handle this automatically or if there are specific steps I need to take.

Additionally, I'm unsure whether I need to share the device signing and encryption key in my identity. Could someone please clarify this for me?

Finally, I would greatly appreciate it if someone could provide me with some sample code or starting pointers to help me get started on the right track. More into apart from OpenID, SAML protocol what else the Idp needs to change to support Platform SSO.

Thank you in advance for your assistance!

Answered by DTS Engineer in 780748022

Are you working for this identity provider?

Or are you trying to build a Platform SSO app for some other identity provider?

This matters because, in the first case, you express that relationship using an associated domain. If you can’t do that, there’s really no path forward.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  3
Boosts  0
Views  852
Participants  3
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
Feb ’24
Recommended

Are you working for this identity provider?

Or are you trying to build a Platform SSO app for some other identity provider?

This matters because, in the first case, you express that relationship using an associated domain. If you can’t do that, there’s really no path forward.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
theirongiant
theirongiant OP
May ’25

Hi there Quinn "The Eskimo" @DTS Engineer,

As an Apple device administrator currently testing Platform SSO at our company with Microsoft Entra and the Company Portal app, I was wondering where the icon comes from that is shown in Notification Center, and in the SSO Registration popup.

The only "major" identity providers with robust support for Mac PSSO right now are Okta and Microsoft.

I've dug through the Company Portal app bundle and I found AppIcon.icns, but I can't find any references to setting the icon in Apple's developer documentation (I even went through the Extensible SSO section page by page).

Could you perhaps point me in the right direction?

Is there any way to set a custom logo today?

Finally, have you seen any feedback where customers (not developers, but businesses implementing Platform SSO) are asking for the ability to customize the logo displayed to their end user?

Thanks!

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
May ’25
have you seen any feedback where customers … are asking for the ability to customize the logo displayed to their end user?

No, but I wouldn’t have because I don’t interact with device managers on a regularly basis. My job in general, and Apple Developer Forums specifically, is focused on code-level problems, so I don’t maintain expertise in deployment issues. I generally redirect such questions to Apple Support Community, run by Apple Support, and specifically in the Business and Education topic area, where you’re more likely to find folks with relevant experience.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Seeking Guidance for Implementing Platform SSO
First post date Last post date
 
 
Q