Addigy Identity End User Experience

Addigy Identity enhances the macOS login experience for your end users. This article serves as a walkthrough of what they will be experiencing when Addigy Identity is deployed to their device. 

Table of Contents

• Powering On The Device
• Addigy Identity
  • Network
  • Local User Login
  • Alternative Login
• Customize Login Window
• Addigy Identity Creating A New Local User
• Addigy Identity Syncing With An Existing Local User
• Addigy Identity After A Password Change
• Addigy Identity Local User Lockout

Powering On The Device

If FileVault is enabled the end user will see the default macOS login screen and need to enter their local macOS password to proceed to Addigy Identity. If FileVault is not enabled the end user will reach the Addigy Identity login screen.

Note: With FileVault and Addigy Identity enabled the end user will be required to enter their password twice every time they power on the device after a restart or shutdown. The first time the password is entered is used to get through FileVault and the second time the password is entered is used to get through Addigy Identity. 

Note: The device will not have an internet connection while on the FileVault screen. 

Addigy Identity

With an active internet connection the end user will reach the Addigy Identity login window. The screenshots below show what the login window looks like with Entra, Google, and Okta configured:

Entra 

(Visit this article to learn more about signing in via Microsoft Entra)

Google

Okta

 Below the web view contains a shutdown, reload, and options buttons. 

• Shutdown: Clicking shutdown will allow the user to enable sleep, restart, or shutdown the device. 
• Reload: Clicking reload will cause the web view to reload.
• Options: Clicking options will allow the end user to connect to a different Wi-Fi network, sign in using local credentials, or sign in using an alternative login. 

  • Network:

    

    Network will allow the user to disable or enable Wi-Fi, scan for networks by clicking the scan network button, and choose a network to connect to. 

  • Local User Login:

    

    Local User Login will allow for the end user to sign into the device through their local macOS account. This may be used if the end user does not have an internet connection or is having issues signing into their email account. When using Local User Login any local macOS account on the device will be able to be used to sign into the device. 

    Note: This option will only appear if "Allow users to sign in using their macOS username and password" is enabled within the policy's Addigy Identity settings.

  • Alternative Login: 

    

    Alternative login can be used to bypass Addigy Identity and will place the end user at the macOS native login window. 

    Note: This option will only appear if "Allow users to leave Addigy Identity and continue to macOS login window" is enabled within the policy's Addigy Identity settings.

Customize Login Window

Addigy Identity allows you to deploy a background image and logo to customize the login window. Images can be deployed via the policy's Addigy Identity settings. If no background image is set Addigy Identity will default to the macOS background. 

Addigy Identity Creating A New Local User

The video below shows Addigy Identity creating a new local user once the end user successfully signs into their IdP account. 

Note: Addigy Identity will always create a new local macOS user unless the "Allow users to sync Identity accounts with local device user accounts" is enabled within the policy's Addigy Identity settings.  

Addigy Identity Syncing With An Existing Local User

The video below shows Addigy Identity allowing the end user to sync with an already existing local macOS user. 

Note: The option to sync with an already existing local user will only appear if the "Allow users to sync Identity accounts with local device user accounts" is enabled within the policy's Addigy Identity settings. 

Addigy Identity After A Password Change

The video below shows Addigy Identity syncing the users new IdP password to the device. After the end user signs into their IdP account by using their new password Addigy Identity will ask the end user to enter their previous password. 

Note: When the end user's IdP password is changed Addigy Identity will re-sync the password the next time Addigy Identity is launched. Addigy Identity will only launch when the end user powers on their device after a shutdown or restart.

Addigy Identity Local User Lockout

End users will be given the option to sign in with their local user with the "Allow users to sign in using their macOS username and password" setting enabled within the policy's Addigy Identity settings. Based on your password policy, multiple incorrect password attempts may lock the user’s account, requiring an administrator to unlock it.

Note: Admin's can unlock the user's local macOS account via the device's GoLive page > Users > Actions > Unlock.