Okta Classic Engine | Okta Verify | Answered | 2026-05-21

GarethJ.97885 (Customer) asked a question.

macOS Platform SSO - user authentication experience

My understanding is that using PSSO and Okta, it should be able to create a seamless login flow as below. Can you please confirm, and give instructions on how to do it? I have PSSO already set up.

 

1. The Mac Login: The user opens their Mac laptop and is greeted by the standard macOS lock screen. They enter their Okta password (or use Touch ID).

 

2. As soon as they hit 'Enter' at the lock screen, the Okta SSO Extension wakes up. It talks to Okta and silently fetches a primary authentication token (PRT) at the login window.

 

3. The user opens Chrome and navigates to an Okta-protected app. Because the Mac itself is already authenticated with Okta from the initial device login, Chrome passes the user straight into the app instantly. There is no FastPass prompt, no clicking "Sign in," and no biometric prompt required.


  • Mihai N. (Okta, Inc.)

    Hi @GarethJ.97885 (Customer), thank you for reaching out to the Okta Community!

     

    While complete deployment guides are not within the purview of Okta Community, we can provide general guidance and advice. 

     

    The use-case implies an extensive list of prerequisites and configuration steps, but at a high level, seamless authentication on macOS with "out-of-the-box" configuration works for Safari, but for Chrome you will need to enable the "SSO extension support for Chrome on macOS" Early Access feature to support the SSO extension on Chrome 146 or later. Navigate to your Okta Admin Dashboard > Settings > Features. Search for "SSO extension support for Chrome on macOS" and toggle it to Enabled.

     

    You will need to keep the following Prerequisites in mind as well:

     

    • Okta Identity Engine (OIE): Your tenant must be on OIE (Okta Classic is not supported for this use case).
    • Okta Device Access: You must have the Okta Device Access SKU licensed and enabled in your tenant.
    • macOS Version: Devices must be running macOS 14 (Sonoma) or later. Hardware must include Apple Silicon or a T2 chip to support the Secure Enclave.
    • Chrome Version: Google Chrome version 146 or later must be deployed. Earlier versions lack the internal architecture to support the Apple SSO extension.
    • Okta Verify App: You must use the direct .pkg installer from the Okta Admin Console. The Apple App Store version does not support these Device Access features.
    • MDM Solution: An MDM (e.g., Jamf Pro, Kandji, Microsoft Intune) capable of deploying Simple Certificate Enrollment Protocol (SCEP) profiles and Extensible SSO payloads.
    • Configure Device-Bound SSO for macOS (also currently EA Feature) with Secure Enclave.

     

    I recommend opening a ticket to have an in-depth discussion about specific steps and troubleshooting with our Okta Support colleagues.  

     

     

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

     

    --

    Help others in the community by liking or hitting Select as Best if this response helped you.
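
As an added example (not part of the original thread and not Okta's code), the device-side items in the prerequisite list above can be checked with a small script. It covers only the macOS version, Chrome version and Secure Enclave hardware; the Chrome install path and the use of `system_profiler SPiBridgeDataType` to spot a T2 chip are assumptions, and the tenant-side items (OIE, Device Access licensing, MDM profiles, the Okta Verify installer source) are not checked.

```shell
#!/bin/sh
# Added example (not Okta's code): device-side pre-flight for the prerequisites
# listed in the answer above. Minimum versions are the ones the answer states.
MIN_MACOS_MAJOR=14     # macOS 14 (Sonoma) or later
MIN_CHROME_MAJOR=146   # Chrome 146 or later

# major_of "146.0.7000.1" prints 146; fails on empty or non-numeric input.
major_of() {
  m=${1%%.*}
  case $m in ''|*[!0-9]*) return 1 ;; esac
  printf '%s\n' "$m"
}

# meets_min VERSION MIN_MAJOR: succeeds when VERSION's major is >= MIN_MAJOR.
meets_min() {
  m=$(major_of "$1") || return 1
  [ "$m" -ge "$2" ]
}

# has_secure_enclave ARCH BRIDGE_INFO: Apple Silicon, or an Intel Mac whose
# system_profiler bridge report names a T2 chip.
has_secure_enclave() {
  [ "$1" = "arm64" ] && return 0
  case $2 in *T2*) return 0 ;; esac
  return 1
}

# evaluate MACOS_VER CHROME_VER ARCH BRIDGE_INFO: prints one line per check and
# succeeds only if every check passes. A missing Chrome counts as a failure.
evaluate() {
  rc=0
  if meets_min "$1" "$MIN_MACOS_MAJOR"; then echo "PASS macOS $1"
  else echo "FAIL macOS '$1' (need >= $MIN_MACOS_MAJOR)"; rc=1; fi
  if meets_min "$2" "$MIN_CHROME_MAJOR"; then echo "PASS Chrome $2"
  else echo "FAIL Chrome '$2' (need >= $MIN_CHROME_MAJOR)"; rc=1; fi
  if has_secure_enclave "$3" "$4"; then echo "PASS Secure Enclave hardware ($3)"
  else echo "FAIL no Apple Silicon or T2 detected ($3)"; rc=1; fi
  return "$rc"
}

# Probe the local machine only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then
  chrome_plist="/Applications/Google Chrome.app/Contents/Info"  # default install path (assumption)
  evaluate "$(sw_vers -productVersion)" \
    "$(defaults read "$chrome_plist" CFBundleShortVersionString 2>/dev/null || true)" \
    "$(uname -m)" \
    "$(system_profiler SPiBridgeDataType 2>/dev/null || true)" \
    || echo "Device does not meet the listed prerequisites."
fi
```

`uname -m` reports `x86_64` when the shell itself runs under Rosetta, so run the script natively on Apple Silicon.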
