End User Experience on macOS Devices
  • 03 Sep 2024

Once an SSO configuration is created, users can sign in to the application after they are authenticated. This document describes how Scalefusion uses the SSO configuration to authenticate a user who tries to sign in to Gmail on a macOS device.

Pre-requisites

  1. An SSO configuration is created on the Scalefusion Dashboard
  2. Users have been assigned the SSO configuration
  3. The Authenticator app is available on the device (a device managed by Scalefusion, with a OneIdP user logged in to it)
  4. Scalefusion MDM Client (agent app for macOS) is installed on the device

Case 1: Device is Unmanaged (not enrolled with Scalefusion)

On unmanaged macOS devices, you can sign in to the application with an OTP. Let us assume that in the SSO configuration, Conditional Access > Device Policy is configured to allow access to the Gmail application if the device is managed by Scalefusion, or with an OTP from the OneIdP Authenticator app on a managed device.


Prerequisite 

  • Another device, enrolled with Scalefusion and with the Authenticator app on it, should be available.

Steps

The following steps are to be performed on an unmanaged macOS device:

  1. Open a browser (like Safari) and type www.gmail.com in the address bar.
  2. On the Sign in screen, enter your email (the user's email to which you have assigned the application in the SSO configuration). Click Next.
  3. You will be redirected to the OneIdP sign-in page. Enter your email ID and password and click on Sign In.


  4. On the next screen, click on Check Compliance & Sign In


  5. Please wait for the authentication.


  6. On the next screen, you will be asked to enter the OTP generated in Authenticator. At this point, go to the device enrolled with Scalefusion and click on Authenticator to get the OTP.
    Note: Here we have shown a macOS device enrolled in Scalefusion with SSO configurations applied. It can be any other device that is also managed by Scalefusion. On macOS devices, Authenticator is present inside Scalefusion MDM Client.



  7. The OTP shown inside the Authenticator app needs to be entered here on your unmanaged macOS device. Enter the OTP and click on Log in.


  8. Once authentication takes place, you will be signed in to Gmail as that user.

From Scalefusion MDM Client v3.17.7 onwards, Step #4 is not applicable. After entering their OneIdP sign-in credentials and the OTP, users are authenticated and logged in.

Case 2: Device is managed by Scalefusion

Let us assume that in the SSO configuration, Conditional Access > Device Policy is configured to allow access to the application only if the device is managed by Scalefusion.

Prerequisite 

  • The device should be enrolled with Scalefusion, with the Authenticator app available on it.

Steps

The following steps are to be performed on a managed macOS device:

  1. Open a browser (like Safari) and type www.gmail.com in the address bar.
  2. On the Sign in screen, enter your email (the user's email to which you have assigned the application in the SSO configuration). Click Next.
  3. You will be redirected to the OneIdP sign-in page. Enter your email ID and password and click on Sign In.
  4. On the next screen, click on Check Compliance & Sign In


  5. Please wait for the authentication.


  6. You will get a pop-up asking you to allow opening Scalefusion MDM Client. Click on Open Scalefusion-MDM Client

  7. This will open the Scalefusion MDM Client (agent app for macOS). If the user is authenticated successfully, the following pop-up will be displayed.


  8. After clicking OK in the pop-up above, navigate back to the browser in which you entered your sign-in credentials (shown in Step #2). You will be signed in to the Gmail account.

On managed devices, from Scalefusion MDM Client v3.17.7 onwards, users are silently authenticated. Hence, Steps #4, #6 and #7 are not applicable.
