Addigy Identity now includes two new features designed to streamline the end user login experience and simplify device assignment for administrators. This article covers what each feature does, who it benefits, and how to enable it in your Identity configuration.
Feature 1: Skip FileVault Login After Signing In
When FileVault is enabled on a Mac running Addigy Identity, end users have historically had to authenticate twice on every reboot — once at the FileVault pre-boot screen to unlock the disk, and again at the Addigy Identity login window to authenticate with their IdP. This double-login experience created friction at every restart and was a common source of end user confusion.
When "Skip FileVault login after signing in" is enabled, devices will bypass the FileVault pre-boot login screen on the next restart and proceed directly to the Identity login window, giving end users a single, IdP-authenticated login experience.
This feature is opt-in and controlled by administrators at the policy level. Indicators are surfaced in the Identity configuration UI so the security tradeoffs are transparent to admins making the decision to enable it.
Benefits
- Eliminates the double-login experience for Identity customers with FileVault enabled
- Faster, smoother reboot experience for end users
- Admin-controlled and opt-in, so organizations choose when the tradeoff is appropriate
Requirements
- FileVault enabled on the device
- Identity version v3.1.0 or later installed on the device
- The signing-in user must be SecureToken-enabled
- The signing-in user must be a FileVault-enabled unlock user
- The end user must authenticate to the device through Addigy Identity. The FileVault unlock occurs after a successful Identity sign-in
How it Behaves
- The unlock is staged one time per sign-in. It applies to the next reboot, then standard FileVault login resumes until the next Identity authentication re-stages it
- Once staged, the unlock applies regardless of what triggers the reboot
- Reboots that don't follow a user login (headless or no-login restarts) are not covered, since there's no authentication event to stage the unlock
- If any of the requirements above are not met, the FileVault unlock cannot be staged, and the end user will see the standard FileVault pre-boot login screen on the next restart, as they normally would
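A preflight check for the macOS-side requirements above (FileVault on, SecureToken, FileVault unlock user), as an added example that is not Addigy's own code. It assumes the standard macOS tools `fdesetup` and `sysadminctl`, is run as root with the user's short name as its argument, and does not check the Identity version; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Addigy code): checks the three macOS-side requirements
# for staging the FileVault skip. Parsing lives in functions that take the
# command output as arguments, so the logic can be tested with sample text.

# $1 = output of `fdesetup status`, e.g. "FileVault is On."
filevault_on() {
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# $1 = output of `sysadminctl -secureTokenStatus <user> 2>&1`
# (sysadminctl writes "Secure token is ENABLED for user <user>" to stderr)
has_secure_token() {
    printf '%s\n' "$1" | grep -q 'Secure token is ENABLED'
}

# $1 = short username, $2 = output of `fdesetup list` (lines of user,UUID)
is_fv_unlock_user() {
    printf '%s\n' "$2" | cut -d, -f1 | grep -qx -- "$1"
}

# Prints one line per unmet requirement; returns 0 only if all three are met.
check_requirements() {
    user=$1; fv_status=$2; token_status=$3; fv_users=$4; rc=0
    filevault_on "$fv_status" \
        || { echo "FileVault is not enabled"; rc=1; }
    has_secure_token "$token_status" \
        || { echo "$user is not SecureToken-enabled"; rc=1; }
    is_fv_unlock_user "$user" "$fv_users" \
        || { echo "$user is not a FileVault unlock user"; rc=1; }
    return $rc
}

# On a Mac, run as root: sh preflight.sh <shortname>
# (`fdesetup list` needs root; without it the unlock-user check fails.)
if [ -n "${1:-}" ] && command -v fdesetup >/dev/null 2>&1; then
    if check_requirements "$1" "$(fdesetup status)" \
        "$(sysadminctl -secureTokenStatus "$1" 2>&1)" "$(fdesetup list)"; then
        echo "$1: FileVault, SecureToken and unlock-user requirements met"
    fi
fi
```

Any line it prints names a requirement that would leave the user at the standard FileVault pre-boot screen on the next restart.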
How to Enable
- Go to Policies > Integrations & Settings > Identity
- Check "Skip FileVault login after signing in"
- Click Save Changes
- Deploy the policy
Feature 2: End User Device Assignment
If you are using Addigy's end user directory syncing through SCIM, you can now enable an option in your Identity configuration that automatically assigns devices to the corresponding end user when that user signs in to Identity.
This removes the manual step of mapping users to devices in the Addigy console and ensures your device inventory is always tied to the correct end user based on your source of truth (your identity provider).
Benefits
- Eliminates manual device-to-user mapping
- Keeps device ownership accurate and up to date automatically
- Works seamlessly with existing SCIM provisioning from supported IdPs
- Reduces administrative overhead during large deployments and refresh cycles
Requirements
- Identity version v3.1.0 or later installed on the device
- SCIM directory sync configured and healthy
- End users must authenticate to the device using Addigy Identity
How to Enable
- Confirm that SCIM directory sync is configured and actively syncing your end users
- Go to Policies > Integrations & Settings > Identity
- Check "End User Device Assignment"
- Click Save Changes
- Deploy the policy
Once enabled, the next time a synced end user signs in to a managed Mac through Addigy Identity, that device will be automatically associated with their user record. For more information on end user management.