Single Sign-on (SSO) Extension: Mac
Apple's SSO extension for macOS simplifies the process of allowing Mac users to seamlessly authenticate to WCER resources such as file servers and to easily manage password changes. Macs must be enrolled in Workspace ONE to have access to the SSO Extension.
- Benefits of the SSO Extension?
- Getting Connected
- Changing your WCER Password
- More Information
- Related Documents
Benefits of the SSO Extension?
Apple's single sign-on (SSO) extension for macOS provides two main benefits for end users:
1) It keeps Mac login passwords synced with WCER (Active Directory) account passwords, meaning fewer passwords to remember, and making password changes easier, while also helping to reduce login keychain problems.
2) With SSO active, accessing WCER network shares is simplified as it does not require re-entering WCER credentials, hence the name "single sign-on".
Initial setup of the SSO extension requires the Mac to either be on a wired connection in a School of Education space, such as the Education Sciences building, or be connected to the GlobalProtect departmental VPN if connecting via WiFi from any location whether on campus or off campus.
The first time you log in to the Mac after the SSO extension is installed, a sign-in window will open automatically.
You may also click on the key-shaped SSO icon in the top menu bar and select Sign In to bring up the window.
Enter your WCER username in the Username field and your WCER password in the Password field, and click the Sign In button.
A new window will prompt for your Active Directory and Mac passwords, to verify that they match.
NOTE: Your WCER password is your Active Directory password.
Once entered, click on the Sync Password button.
If the passwords don't match, the extension will sync them by changing your Mac password to match your WCER password.
Regardless, you will see the window shown below:
When you return from an offline or off-campus state (for example, the VPN was disconnected, or the Ethernet cable was unplugged) to an on-campus state, the SSO extension should automatically reconnect, but if it does not, click on the key-shaped SSO icon in the top menu bar and select Reconnect.
Changing your WCER Password
Users may change their WCER/SoE domain password from the SSO Extension at anytime so long as they are signed in. Clicking on the key-shaped icon in the menu bar reveals not only how many days remain until the password expires, but also whether they are currently signed in.
TIP: If not signed-in the SSO Extension icon as well as the Change Password... menu selection will appear "grayed-out".
Select Change Password... from the key shaped SSO Extension menu bar icon.
Enter your current password in the Old Password text field. Enter your desired password in the New Password field, and repeat it in the Verify Password field, then click the Change Password button.
You will see a window confirming that the change was successful and the passwords are synced when completed.
More Information - Getting Assistance
Apple's Kerberos single sign-on (SSO) extension for macOS allows users to seamlessly connect and authenticate to the WCER/SoE Active Directory, without the need for binding to the domain. Devices must be managed with an MDM solution in order to install the SSO extension configuration. UW-Madison has chosen Workspace ONE as its MDM solution and all Macs purchased or re-issued by WCER starting in late 2021 have Workspace ONE installed by default.
The SSO extension requires macOS 10.15 (Catalina) or higher. It replaces Apple Enterprise Connect which is not supported beyond macOS 11 (Big Sur).
For questions about the SSO Extension or assistance, please contact WCER Tech Services.
Email Tech Services: Replacing Enterprise Connect with macOS SSO Extension