Enabling Single Sign-on (SSO)

This SSO feature allows you to sign in to your Mac using your UW Account credentials. Once signed in to your device, you will also be automatically signed in to Microsoft apps and UW websites without having to re-enter your password each time. This limits the total number of passwords you need to remember and the number of times you need to authenticate.

Password Registration Instructions

When the policy is applied, click on the notification to start the process.

Click Continue to confirm the settings being applied.

Type in your current macOS password. This is a general macOS admin prompt.

Sign in with your UW/WatIAM account and complete any two-factor authentication (2FA) prompts as needed.

Type in your UW password.

The process is now complete. Your UW password has been linked to the local Mac account.

When viewing the account, we can see the local account is now linked to the UW account.

Clicking Edit under Network account server again shows that this account is set up using Platform SSO.

This is also visible in the settings of the Company Portal app.

After a bit of time, it is a good idea to restart your Mac to ensure the password is stored properly and can unlock FileVault.

Tools that currently leverage Platform SSO

  • Safari

  • Most Microsoft Apps

  • Edge – when signed into the browser with a profile

  • Firefox – with an SSO configuration profile

  • Chrome – with MS SSO extension

Password Resets

If your UW/WatIAM password is changed, you will need to navigate to System Settings > Users & Groups > Your User > Tokens > Authenticate.

You will be prompted to type in your new UW/WatIAM password. You should then see that the password has been synchronized and that the “SSO tokens present” indicator is lit green.

You should close any open Microsoft Apps and relaunch them so they can authenticate with your updated password. You should also restart to ensure you can unlock FileVault properly. You may also need to re-authenticate to Eduroam with your new password.

Additional Feature – Sign-in with other UW Microsoft Accounts (macOS 14+)

Click on “Other…” and sign in with a UW Microsoft Account using the full @uwaterloo.ca address.

If you don’t see “Other…”, you may need to hit “esc” on the keyboard or press Command+Return (Enter). If the device was just powered on, you will need to sign in to unlock FileVault and then sign out.

Viewing this account provides the same Platform SSO information.

By default, these accounts are available to unlock FileVault and are accessible at the login screen after reboot.

Need help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.
