Addigy Identity is a macOS login replacement that connects the Mac sign in screen to your company’s identity provider (e.g., Microsoft Entra, Google, Okta ) for single sign on and centralized access control. Addigy Identity swaps the native Mac login window for an IdP backed experience so users authenticate with the same credentials they already use elsewhere. It is designed to combine one password convenience for users with the administrative control required by IT and security teams.
Core Functionalities
- IdP powered Mac logins compatible with Microsoft Entra, Google, and Okta.
- Customizable login screen that match your organization’s look and feel across devices.
- Attribute sync from the IdP (e.g., department, location, job title) to drive automated workflows.
- Just-in-Time user provisioning with automatic assignment of admin or standard roles.
- Suitable for both one to one and shared device environments.
- Offline sign in support, including last known password fallback, FileVault compatibility, and an optional emergency bypass.
Customize Identity
Addigy Identity allows for customization to enhance the login experience for your end users. Below is a screenshot of the additional settings that can be enabled:
Block Setup Assistant While Service Is Getting Configured
This setting makes sure the end user is held at the enrollment screen until Identity has been fully deployed. This prevents the end user from reaching the login window before Addigy Identity is deployed and ready to handle their authentication.
Create Users As Administrators
This setting determines if the users created via the just-in-time user account creation are administrators or standard users. If some users should be admin and other should be standard users, we recommend leaving this option disabled and elevating privileges via other methods such as scripts, alerts with automatic remediation and Maintenance.
Allow Users To Leave Addigy Identity And Continue To macOS Login Window
This setting allows the end user to revert back to the native macOS login window from the Identity login window. This setting will allow users to still sign into their device if they experience issues authenticating with their credentials but need to access their device.
Allow Users To Sync Identity Accounts With Local Device User Accounts
This setting allows the end user to sync their identity provider (IdP) email from your Entra, Google, or Okta environments to an already existing local account on the device. This helps when deploying Identity to devices that are already provisioned and have existing users. When the user logins in with their identity provider email for the first time, they will be prompted to select an already existing local account to sync to. The end user will be asked to validate the local account credentials to complete the syncing process.
Allow Users To Sign In Using Their macOS Username And Password
This setting allows end users to login to the device without having to authenticate against their identity provider. In scenarios where there is no internet connection the user will not be able to authenticate against their identity provider which will lock them out of their device. It is important to note that bypassing identity provider means bypassing password syncing and password policies. For strictly managed machines, it may be required to leave this option off.
If you would like to see how these settings change the end user's login experience check out our article on the Addigy Identity End User Experience.
Collect User Attribute Data
Collecting User Attribute Data is an optional setting which allows you to further manage end users devices. To configure User Attribute Data select your Identity Provider: Entra, Google, Okta.
Login Window Theme
The Identity login window is customizable meaning you can deploy a different background and logo for each one of your policies. You can customize the login window to create a much more tailored experience for your users.
Identity Beta Program
The Addigy Identity Beta Program gives IT teams early access to new Identity features before they are released to all customers. It is designed to give you more control, early visibility, and a chance to provide feedback, all while testing safely in real-world environments. Our Addigy Identity Beta Program Overview article goes into further detail and shares how to participate.
Helpful Resources
- How to Configure Addigy Identity with Microsoft Entra
- How to Configure Addigy Identity with Google
- How to Configure Addigy Identity with Okta
- How to Configure User Attributes for Microsoft Entra
- How to Configure User Attributes for Google
- How to Configure User Attributes for Okta