Page created: 19 Oct 2020 |
Page updated: 25 Aug 2022
PingID integrates with Mac local login to allow organizations to better secure their server environments and end user Mac login, providing access only to authorized users. Authentication is possible using PingID's wide variety of authentication methods.
- Web access
- For details about required web access, see PingID required domains, URLs, and ports.
- Policy settings
- Mac login might be subject to policy settings. For more information, see Mac login authentication policy.
- Mac operating system
- PingID integrates with Mac OS versions 10.15 (Catalina), 11 (Big Sur), and 12.4 or higher (Monterey).
You should install the PingID integration for Mac login individually on each Mac machine requiring the PingID authentication service. After it has been installed on a Mac, all users of the machine must authenticate with PingID.
Support for PingID offline MFA
PingID integration for Mac login supports PingID offline multi-factor authentication (MFA).
The PingID User Guide refers to offline MFA as manual authentication.
To use PingID offline MFA, you must have:
- PingID integration for Mac login on the protected Mac machine
- A paired mobile device with PingID mobile app 1.8+ installed on it
- The PingID offline MFA solution for Mac login is based on the assumption that an employee won't have administrative permissions to the machine. Otherwise, the administrative permissions could be used to remove and bypass PingID.
- Users must go through online authentication the first time after installation and only then will they be able to perform offline authentication.
- To guarantee online authentication, the machine must have a network connection prior to completion of the login process.
- Repudiation of a user for a login: During offline logins, there are no server side logs for successful or unsuccessful authentications. Admins should export these logs from the local console app or from the log path, /Library/Logs/PingIdentity.