Platform compatibility
| macOS | Windows | Linux | iOS / iPadOS | Android |
|---|---|---|---|---|
| ✅ |
How to set it up
Before deploying this control, connect Primo to your Entra tenant in Settings > MDM > Integrations.
Choose an authentication method
Select the authentication method from the dropdown:
- Secure enclave — uses the device’s secure enclave to bind credentials, providing the strongest level of security.
Deploying this control will automatically install the app required for Entra Platform SSO on targeted devices.
Modifying or removing the control
Disable the control from the profile settings. Disabling stops enforcement but does not remove existing configurations from devices.How it works
Primo uses macOS Platform Single Sign-On (Platform SSO), introduced in macOS 13, to integrate the login window with Entra ID. When a user logs in, macOS validates the credentials against Entra ID and stores the resulting token in the Keychain for SSO to browser and app sign-ins. Offline login is supported — if the device cannot reach Entra ID, macOS falls back to locally cached credentials.The first login after enabling this control requires an active internet connection to establish the Entra ID binding on the device.