Resources from In the Trenches with Platform SSO, Okta, Connect, and Network Relay at Jamf

Resources from the JNUC 2025 session on Platform SSO with Okta, Network Relay, and Self Service+.

Another huge thank you to everyone who joined us onsite in Denver to learn about how we do Trusted Access at Jamf and how Platform SSO with Okta is becoming an important part of our zero trust journey. We teased something we're workshopping internally:

Zero Touch 2.0

Simplified Setup with Platform Single Sign-on for IdP-mastered local accounts on a supervised Mac, zero-touch activation of network resource access with Network Relay via attested client certs, Touch ID and Okta FastPass registration before the desktop, and Setup Manager as a bootstrapper to show how all the components come together.

The following embed includes the Keynote slides from our presentation:


If you don't see an embed above due to content blockers you can access the deck directly on iCloud here.

Check back for updates on this post to include more links to resources mentioned in the chat as well as a link to the recording once available.

Links

🔗 In the Trenches with Platform SSO, Okta, Connect, and Network Relay at Jamf (JNUC Session Catalog)
🔗 Platform SSO for macOS (Jamf Trusted Access Solution Center)
🔗 Configuring Simplified Setup for Platform SSO (Jamf Learning Hub)
🔗 Configure Desktop Password Sync for macOS 15 (Okta Docs)
🔗 Desktop Password Sync for macOS (Okta Docs)
🔗 Device Access certificates (Okta Docs)
🔗 Use Okta as a CA for Device Access (Okta Docs)
🔗 Just-In-Time Local Account Creation for macOS (Okta Docs)
🔗 Add custom attributes to apps, directories, and identity providers (Okta Docs)
🔗 Map Okta attributes to app attributes in the Profile Editor (Okta Docs)
🔗 Desktop Password Sync meets Platform SSO 2.0 and Jamf Pro (IAMSE.blog)
🔗 Platform Single Sign-on for macOS (Apple Platform Deployment)
🔗 WWDC25: What’s new in Apple device management and identity | Apple (YouTube)
🔗 Custom Menu Bar Action Items with Self Service+ (Jamf Learning Hub)
🔗 OS upgrades 2025: Platform Single Sign-On (Jamf blog)
🔗 Network Relays: Apple’s Modern Approach to Secure Remote Access (Jamf Engineering)
🔗 Beneath the MASQUE - a dive into Network Relay technology on Apple platforms (Jedda Wignall)
🔗 Network Engineer's Guide to Jamf Connect ZTNA (Jamf Trusted Access Solution Center)
🔗 The State of Identity on Apple devices (MacAdmins Conference/YouTube)
🔗 Farewell, Complexity: Platform SSO Simplified Setup on macOS 26 Powered by Okta and Jamf (IAMSE.blog)

Bonus

I also put together a short demo for the Jamf Expo Hall this year. Here are those slides (if you don't see an embed below, click this link to go to iCloud).


Screenshots

Until the video is made available publicly, I figured I'd share a few screenshots from the Jamf Pro walkthrough that we did live onsite in Denver.

Jamf Pro PreStage


Two things to note:

  • enforcing a minimum OS of 26.0 will be critical, as that is the minimum version that supports Simplified Setup for Platform SSO (PSSO just-in-time user creation during Setup Assistant)
  • for Okta the bundle ID for the SSO app is com.okta.mobile

For my demo I included only Okta Verify and Setup Manager. Setup Manager would be the optional software to include, but I just love it as a bootstrapper (and tapping Command-L while it runs brings up logs you can review during the enrollment process).

Once the 403 method is working during setup you will likely not need to include the Okta Verify pkg. As of the time of this presentation, however, you need to supply it yourself for the flow to work.

Jamf Pro Configuration Profiles

SCEP Certificate




Single Sign-on Extension Settings







This is not an exhaustive list of every possible setting here, simply the ones I had enabled for the demo at JNUC this year.

Bonus configurations

Setup Manager Demo

Self Service+ base configuration

Until next year…

☮️❤️👩🏻‍💻
