Manage and Control User Access of Mac devices with Keycard
  • 18 Jun 2024
  • 1 Minute to read
  • PDF

Manage and Control User Access of Mac devices with Keycard

  • PDF

Article summary

Keycard plugin is a powerful tool powered by Scalefusion that allows you to personalize the login interface and oversee login permissions on both macOS and Windows machines. All you have to do is generate a fresh Keycard configuration and then allocate it to device/user groups in order to regulate user access on your Scalefusion managed devices. 

In principle, with Keycard Configurations, IT admins can configure the following:

  1. A customized login window
  2. Control users' access to devices by selecting who is allowed to login
  3. Control access of users belonging to Identity Providers
  4. Conditionally managing the user login access based on various parameters.

The document describes the configuration of Keycard, how it works on macOS devices after publishing from Scalefusion Dashboard.


  1. The latest version of Scalefusion MDM client (agent app for mac) should be installed on the devices.
  2. You should be subscribed to Enterprise 2023 Plan.
  3. The macOS devices should be enrolled with Scalefusion.

How to access

  1. On Scalefusion Dashboard, navigate to OneIdP > Keycard
  2. Click on Add New button
  3. This will open the configuration window. Enter a name for the configuration.
  4. On the left you will find the configurable settings:
    1. Keycard UI: Use this section to configure a customized login page for the devices
    2. Keycard Settings: Control user access to devices by configuring settings from this section
    3. Conditional Access: Use this section to manage the user access by providing various parameters
  5. Once configurations are done, click on Save

  6. The configuration will appear on the main page.
  7. Now publish it on the devices by selecting the group(s)/device profile(s) on which you want to publish. You cannot apply more than one configuration on the same group/profile.
When using Keycard with Identity providers like Google Workspace, Microsoft Entra (formerly Azure AD) or Directory , we recommend not applying a password policy from Scalefusion Dashboard. Instead, password policies should be driven from your identity provider to keep the password in sync.

Other Actions on Keycard configuration

  1. Edit: You can edit a configuration. Clicking on edit button opens the edit configuration window where you can make changes and update. 
  2. Delete: The configuration gets deleted from the device and also removed from all associated groups/profiles. 
  3. Unpublish: Unpublishes the configuration from the devices and from the profile on which it has been published previously. The unpublish window will display only those groups/device profiles on which the configuration was applied earlier.

Was this article helpful?