PingID Administration Guide

Installing PingID integration for Mac login using UI wizard

Install PingID integration for Mac login through the user interface (UI).

Before you begin

Adding any multi-factor authentication (MFA) is a procedure that carries the risk of being locked out of the machine.

  • Several verifications are done on the parameters supplied for the installation to minimize any locking. The PingID integration for Mac login permits recovery from a lockout scenario by restarting the machine in Single User Mode.

  • Ensure that the remote login option is enabled on the Mac to allow connection to the machine by Secure Shell (SSH).

To install the PingID integration, you must have:

  • Administrator privileges on the target Mac machine.

  • A copy of the organization’s pingid.properties file. For instructions on how to download the relevant PingID properties file (with full or restricted permissions), see Managing the PingID properties file using SSH.

About this task

To install the PingID integration for Mac login using the UI wizard:

Steps

  1. On the PingID Downloads page, go to Integrations and download the PingID package .pkg file for Mac login.

  2. Double-click the PingID-MacOS-Login<version>.dmg file to launch the setup wizard.

    Result:

    The installer opens.

    A screen capture of the Ping ID for Mac login - initial screen.

  3. Double-click the PingID.pkg icon.

  4. At the security check window, click Continue.

  5. At the installer commencement window, click Continue.

    Result:

    The Software License Agreement window is displayed.

  6. Review the Software License Agreement, click Continue, and when prompted, click Agree.

    Result:

    The installation proper starts with the Installation Type window.

    A screen capture of the Mac login installation - select installation type.

  7. Optional: Click Change Install Location.

    Result:

    The Destination Select window opens.

    A screen capture of the Mac login installation - select destination.

  8. Keep the highlighted option unless there are compelling reasons for a different choice. Click Continue and then click Install.

  9. If required, enter your machine user name and password.

    Result:

    You see the following caution message.

    A screen capture of the Mac login installation - installation confirmation message.

  10. Click Continue Installation.

  11. In the Organization Information pane, click Browse, and then select the pingid.properties file that you downloaded from the Admin portal. For more information, see Managing the PingID properties file for Windows and Mac login.

    A screen capture of the Mac login installation - Organization information page.

  12. Click Continue.

    Result:

    The Manual Authentication window opens.

    A screen capture of the Mac login - manual authentication options.

    Choose the option to use for situations where the user cannot communicate with the PingID server:

    • Required: User can use the PingID mobile app for offline access. If they do not have a paired mobile device, their access is blocked.

    • Optional: User must use the PingID mobile app for offline access, but if they don’t have a paired mobile device, MFA is bypassed.

    • Disabled: Offline access is not permitted.

  13. Click Continue.

    Result:

    The The Domain / Username Mapping window is displayed.

    Mac login installation - username mapping

  14. In the Domain / Username Mapping window, select Specific username mapping and choose one of the available Active Directory attributes to use for identifying users, or select the Legacy username parsing convention option.

    If you select Legacy username parsing convention, you can optionally provide the organization domain so that users can provide just their user name when logging in, for example, john.smith, rather than entering user name plus domain name, such as john.smith@somewhere.com.

    The domain format should be:

    • @domainname, such as @somewhere.com

    • Maximum of 50 characters

    • The string entered in this field is appended to the username during sign on

      By default, domain validation is carried out for the domain that you specify in the Organization Domain field. You can use the Skip domain validation option to specify that PingID should skip domain validation.

      Because the username (plus domain name if set here) is sent to PingID for second factor authentication, it must precisely match a username entered through the admin portal. For PingID, user john.smith is not the same as johm.smith@somewhere.com even if the domain is correct.

  15. Click Continue.

    If you changed anything in the previous step, you might be asked to enter your machine username and password.

    Result:

    When the installation is complete, you see the following window.

    A screen capture of the Mac login installation - installation success message.

  16. Click Log Out.

    Result:

    You are asked what to do with the installer package.

    A screen capture of the Mac login installation - question about deleting installer package.

  17. Decide whether to keep the installer package.

    The installer exits and the machine is logged out to apply the changes.

  18. Optional: After successful installation, the downloaded pingid.properties file may be deleted from the Mac.

  19. To verify the installation, test that a user can sign on to the Mac machine using the PingID integration for Mac login.