Did I ever mention that i f** love the new Platform SSO feature in Intune for macOS?
Until now it wasn't possible to achieve a good SSO experience for Google Chrome but thanks to the PSSO feature which comes with an Entra join for our macOS devices, we now can have a SSO experience in Chrome.
For the following configuration you have two pre-requirements:
Platform SSO configured and Google Chrome installed.
Entra Join & Platform SSO for macOS with Intune | scloud
Intune macOS configuration for Google Chrome SSO
With Google Chrome, the Microsoft Single Sign On (formerly Windows Accounts) extension needs to be installed in Windows there is a new Settings but for macOS there is no way around that extension.
You can install the extension manually per user or much easier via Intune and a custom profile (mobileconfig). To do this, we first need the extension ID, which we find out by opening the extension in the "Chrome Web Store". Then it can be seen in the URL:
You create the profile under:
Devices > macOS> Configuration profiles ... + Create > + New Policy (Templates, Custom)
On the first tab you define a name and description:
After that you give the profile, which will be visible in the local machine, a name. I tend to use the same as in the Intune configuration to make it easier for support.
Next you define the deployment channel as the Device channel and upload the mobile config, which you can download below.
You find the mobileconfig template from Google here: Set Chrome app and extension policies (Mac) - Chrome Enterprise and Education Help (google.com)
I just modified it so only the SSO Extension is forced to be installed.
Once the extension is active, Google Chrome will support SSO.
The login then works seamlessly with an account connected to your device via Platform SSO (PSSO).
Google Chrome - with vs without Single Sign ON
Google Chrome with Default settings
Without the extension Google Chrome doesn't know about your Entra ID account and won't perform any kind of SSO.
Google Chrome with Platform SSO and Microsoft Single Sign On
And this is how I watend it to be for a long long time:
This works like a charm! Thank you very much!
10/10 Article. Definitely helped us.