SSO and Mac Login Window Authentication beta is now available
Best practices when configuring single sign-on at your K-12 institution

written by Mosyle Team

When deploying Apple devices at a school, adding and authenticating users (in this case teachers and students) can be one of the most time-consuming aspects of education technology deployment. It’s also important to consider how the sign-on process can slow things down for teachers and students in the classroom.

An overly complicated login process that requires multiple logins takes time away from students that could be spent gaining knowledge that will prepare them for the real world. For younger users such as kids, it’s even more necessary to maximize time during those formative years. By simplifying the sign-in process, teachers and students can focus on what’s most important: education.

It’s important to invest in an MDM solution that has a built-in identity management feature, which makes user provisioning (adding and removing users) easy and provides a single login process. Mosyle Manager can help you maximize time and create an enjoyable user experience with features like Single Sign-On (SSO) and Mosyle Auth.

With SSO, teachers and students can access multiple parts of a system by logging in once. This means certain applications and software are easily accessible, and it eliminates the need to log in multiple times. You can use Mosyle Auth to link your user accounts to identity providers so you can use modern authentication options.

In this article, we’ll go over the best practices and quick instructions for setting up SSO and Mosyle Auth. We’ll also provide you with our support team’s featured tip so you can get the most out of your identity management solution.

Mosyle Auth allows you to authenticate users with Google as the service provider and, once the user successfully authenticates, a Local Account must be created in order for them to use the device. This is why a Local Password is needed, since Single Sign-On is not natively supported by macOS. We are still making improvements and adding new features to our Single Sign-On solution to improve the end-user experience; these will be released throughout the beta period.

Featured Tip from our Support Team

Configuring Single Sign-On is made easier when you ensure that your account information is accurate. Make sure you use the same email to log in that you used to register for Mosyle. When you use a different email, a new account is created in addition to the original, meaning you’ll have to restart the enrollment process. We always recommend storing your login info in a location that is secure and accessible to you.

Our Customer Success and Support Team is considered one of the most reliable resources available for Apple device management solutions. Our specialists will get back to you quickly, answering your questions by analyzing your query along with full access to fresh and already structured logs. Our team can reach out to you through any and all necessary communication channels - ticket, phone call, web conference, screenshare, etc. And it's all already included on our Premium Plan!

Below are more detailed instructions for the Single Sign-On and Mosyle Auth features available in Mosyle Manager. These capabilities are currently still in beta, so stay tuned for future updates!

How to configure Single Sign-On for logging in to Mosyle

In order for Single Sign-On authentication to work properly, users must be registered in Mosyle with the same email. Otherwise, the MDM solution will not apply SSO to the Primary Leader. If the profile is not configured correctly, it can result in the Primary Leader being unable to log in to the Mosyle account.

To configure Single Sign-On, navigate to the dashboard and click on “My School” from the menu at the bottom. Then, from the menu on the left, click on “Single Sign-On” and click “Add new profile” to start the configuration. Enter the Profile Name, then use the dropdown menu to select what you’d like to enable Single Sign-On access for.

Access Web Panel

When choosing the option to enable SSO through the Web Panel, users will be able to use the same credentials from the IdP to log in to the Mosyle Web Panel.

Log in on Mosyle iOS app

When choosing this option, end-users will be able to use the same credentials from the IdP to log in to Mosyle’s iOS application and access Self-Service easily.

Log in on Mosyle macOS app

When selecting the option to enable SSO through the macOS agent, end-users will be able to use the same credentials from the IdP to log in to Mosyle’s macOS application and easily access Self-Service.

Next, select the Identity Service from the dropdown menu: Microsoft, Google, ADFS, Active Directory (LDAP) or On-Premises Active Directory.

Important note: When selecting an Active Directory Identity Service, you must select the Active Directory integration. If you didn’t configure the Active Directory integration, navigate to “Active Directory” and follow the steps to complete this integration.

To complete the configuration, set the profile assignment by selecting which users and/or devices will receive this profile and click "Save".

How to configure Mosyle Auth for Login Screen Window on macOS

You can configure Mosyle Auth by navigating to the Dashboard and clicking “My School” from the menu at the bottom. Then, from the menu on the left, scroll down and select “Single Sign-On”. Next, click on “Add new profile” to configure the SSO and enter the Profile Name. Select the option "Mosyle Auth for macOS" from the dropdown menu, so end-users will be able to log in to the Mac computers through a Login Window using the same credentials from the IdP service.

Important note: Mosyle Auth for macOS (Login Window) works only on macOS 10.12 (macOS Sierra) or later.

Next, select the Identity Service from the dropdown menu: Microsoft, Google, ADFS, Active Directory (LDAP) or On-Premises Active Directory. When selecting an Active Directory Identity Service, you must select the Active Directory integration. If you didn’t configure the Active Directory integration, navigate to “Active Directory” and follow the steps to complete this integration.

Important note: The On-Premises Active Directory is only available for Mosyle Auth. When using On-Premises Active Directory as the Identity Service, you can choose to auto-sync the password on Mosyle Auth. To configure this, enable the checkbox next to this option when configuring the Single Sign-On profile within Mosyle Manager.

If you select Google or Microsoft as the Identity Service combined with Mosyle Auth for macOS (Login Window), you’ll need to select who will be able to authenticate on the Mac. You can choose to allow only user email addresses previously registered on Mosyle, or enter the specific domains of your educational institution, allowing all email addresses from those domains to authenticate on devices.

Finally, configure the profile assignment by selecting which users and/or devices will receive this profile.

We hope our instructions and tips help you! You can get even more information about getting started with Mosyle Manager in our guide. Our team is always here to assist you!


2019 Mosyle™ Corporation |  Trusted by 11,000+ educational institutions across the globe