Video: Apple IT Tech Camp Spring 2023

Implementing Platform SSO with Okta and Jamf

Watch Now

Single Sign On Extension

Seamless app login with phishing-resistant credentials, powered by Okta Verify and FastPass.


Platform SSO

Native macOS account password synchronization with Okta and streamlined FastPass onboarding.


Enrollment SSO

Simplified BYOD onboarding with improved security for iOS and iPadOS devices.


A Single App for Single Sign On

Okta FastPass implements Apple's Single Sign On Extension, delivering unparalleled authentication experiences within native apps and browsers on macOS, iOS, and iPadOS. Jamf Pro deploys the Okta Verify app and required configuration profiles to user devices to enable FastPass, making onboarding seamless.

Once the user authenticates themselves and registers their devices with Okta Verify, they are able to effortlessly login to their organization's apps with a scan of their face or fingerprint – without having to type a password or action a multi-factor authentication prompt.


Multiple Factors, One Device

Users aren't the only people delighted by FastPass and Single Sign On Extension, identity and security teams are as well. As many of us know, passwords are easily compromised. Increasingly, secondary factors are also falling victim to novel forms of phishing attacks. But by using FastPass identity admins are able to easily deploy a phishing-resistant authentication factor without the complexity and cost associated with physical tokens. Coupled with biometrics like Touch ID and Face ID, would be attackers are effectively stopped in their tracks.

For even further protection, management attestation can be implemented to ensure that only devices that are managed by Jamf Pro can login to all or select applications. These strongly attested user and device identities are a cornerstone of Jamf's Trusted Access architecture that is designed to enable secure from-anywhere work.


Native Password Sync and FastPass Activation

Introduced in macOS Ventura, Platform SSO enables users to link their local macOS account with their Okta identity through a simple, Mac-native workflow. When deployed through Jamf Pro, users will receive a notification to register their Mac with Okta Verify, automatically enabling FastPass.

Users can now seamlessly and securely login to their organization's apps and websites using Touch ID. The user's local macOS account password will be synchrnonized with their Okta password to help reduce fogotten passwords and lock out.

For organizations that require more control over the local macOS account creation process and lifecycle, Jamf Connect can be used alongside Platform SSO.


Identity Enhanced BYOD

User Enrollment, Apple's enrollment method specifically for BYOD, allows employees to protect their privacy while IT keeps corporate data safe. With Enrollment SSO, Okta Verify is automatically downloaded and installed from the App Store during the enrollment process. The user is guided to authenticate with their Okta credentials within the Okta Verify app, fully registering the device with Okta while enabling FastPass.

Now with FastPass enabled, all remaining enrollment steps that require Okta authentication are performed with Face ID. Users can now seamlessly login to their work-managed applications and websites using Face ID, without needing to type their password, one-time codes, or action push notifications.

Coming Summer 2023
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.