PingID Administration Guide

PingID integration for Mac login

PingID integrates with Mac local login to allow organizations to better secure their server environments and end user Mac login, providing access only to authorized users. Authentication is possible using PingID’s wide variety of authentication methods.

Requirements

Web access

For details about required web access, see PingID required domains, URLs, and ports.

Policy settings

Mac login might be subject to policy settings.

Mac operating system

PingID integrates with Mac OS versions 10.15 (Catalina), 11 (Big Sur), and 12.4 or higher (Monterey).

Processor architecture

The PingID integration with Mac login can be used with both Intel and Apple silicon.

You should install the PingID integration for Mac login individually on each Mac machine requiring the PingID authentication service. After it has been installed on a Mac, all users of the machine must authenticate with PingID.

Support for PingID offline MFA

PingID integration for Mac login supports PingID offline multi-factor authentication (MFA).

The PingID User Guide refers to offline MFA as manual authentication.

To use PingID offline MFA, you must have:

  • PingID integration for Mac login on the protected Mac machine

  • A paired mobile device with PingID mobile app 1.8+ installed on it

  • The PingID offline MFA solution for Mac login is based on the assumption that an employee won’t have administrative permissions to the machine. Otherwise, the administrative permissions could be used to remove and bypass PingID.

  • Users must go through online authentication the first time after installation and only then will they be able to perform offline authentication.

  • To guarantee online authentication, the machine must have a network connection prior to completion of the login process.

  • Repudiation of a user for a login: During offline logins, there are no server side logs for successful or unsuccessful authentications. Admins should export these logs from the local console app or from the log path, /Library/Logs/PingIdentity.