{"id":38506,"date":"2022-01-19T04:11:34","date_gmt":"2022-01-19T04:11:34","guid":{"rendered":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/?p=38506"},"modified":"2025-08-20T07:14:56","modified_gmt":"2025-08-20T07:14:56","slug":"manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access","status":"publish","type":"post","link":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/","title":{"rendered":"Manage login to Macs using cloud identity providers with Hexnode Access"},"content":{"rendered":"<p>Hexnode Access is a feature that allows users to log in to their macOS devices using cloud IdP (identity provider) credentials. We&#8217;ve all experienced the ease of using cloud credentials when asked to sign up\/log in to websites or apps instead of creating new credentials for each of them. Similarly, logging into macOS devices is made smoother with Hexnode UEM&#8217;s integration with IdPs Microsoft Entra ID, Google Workspace and Okta. In addition, IT admins can remotely customize how the login window will look, provide users access to help links, and enable them to connect to a network, all from the login screen itself. 
<\/p>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Note:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<br \/>\n Hexnode Access is supported on macOS versions 10.13 and above.<br \/>\n    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<h2>Configure Hexnode Access:<\/h2>\n<p>To configure Hexnode Access on macOS devices: <\/p>\n<ol>\n<li>Log in to the Hexnode UEM portal.<\/li>\n<li>Go to Policies, select an existing policy or click on <strong>New Policy<\/strong> to create a new one.<\/li>\n<li>Navigate to <strong>macOS<\/strong> > <strong>Security<\/strong> > <strong>Hexnode Access<\/strong> and click <strong>Configure<\/strong>. <\/li>\n<\/ol>\n<h3>Basic settings: <\/h3>\n<p><strong>Identity provider:<\/strong> Select an IdP of your preference from the drop-down. Microsoft Entra ID, Google Workspace and Okta are supported by Hexnode Access. <\/p>\n<h4>1. Microsoft Entra ID<\/h4>\n<p><strong>Configure authentication by:<\/strong> Admins can choose to move forward either using the IdP domains already added to the Hexnode UEM portal or by creating a new app registration in the IdP portal. Select the preferred method from the drop-down. <\/p>\n<p><strong>Microsoft Entra ID domains added to Hexnode portal:<\/strong><br \/>\nAdmins can select the domains listed under <strong>Admin > Microsoft Entra ID<\/strong>  in the Hexnode UEM portal to configure the authentication. <\/p>\n<ul>\n<li><strong>Domains:<\/strong> Select one or more domains from the drop-down. <\/li>\n<li><strong>Allow access for all users:<\/strong> Mark the checkbox if all the user groups in the above-selected domains should be given access to the device. 
<\/li>\n<li><strong>Allow access only for:<\/strong> If all the user groups in the selected domains shouldn&#8217;t be given access to the device, specify the ones that should be given access. <\/li>\n<\/ul>\n<p><strong>Creating a new app registration in the Microsoft Entra ID portal:<\/strong><br \/>\nA new app registration has to be created for the Hexnode Access app in Microsoft Entra ID. <\/p>\n<h5>How to register Hexnode Access with Microsoft Entra ID?<\/h5>\n<p>Create a new app registration: <\/p>\n<ol>\n<li>Log in to the <a href=\"https:\/\/portal.azure.com\/#home\" rel=\"noopener\" target=\"_blank\">Microsoft Entra ID<\/a> portal. <\/li>\n<li>Click on the <strong>Show portal menu<\/strong> icon at the top left corner of the page and navigate to <strong>Microsoft Entra ID<\/strong> > <strong>Manage<\/strong> > <strong>App registrations<\/strong> > <strong>New registration<\/strong>.<\/li>\n<li>Enter <em>Hexnode Access<\/em> in the Name field.<\/li>\n<li>Under the <strong>Supported account types<\/strong> field, select <strong>Accounts in this organizational directory only (company name only &#8211; Single tenant)<\/strong>. <\/li>\n<li>Under the <strong>Redirect URI<\/strong> field, select <strong>Web<\/strong> from the <strong>Select a platform<\/strong> drop-down and enter a valid URI in the adjacent field. The URI will be of the format <a href=\"https:\/\/portalname.hexnodemdm.com\/azure_devicelogin_callback\" rel=\"noopener\" target=\"_blank\">https:\/\/portalname.hexnodemdm.com\/azure_devicelogin_callback<\/a>. Replace <code>portalname<\/code> with the name of the corresponding Hexnode UEM portal.  <\/li>\n<li>Click <strong>Register<\/strong>. <\/li>\n<li>Under <b>Manage<\/b>, select Authentication. <\/li>\n<li>Select <b>Try out the new experience<\/b> (if shown). 
<\/li>\n<li>Under <b>Advanced settings<\/b>, in the <b>Enable the following mobile and desktop flows<\/b> section, select <b>Yes<\/b> to treat the application as a public client. This setting is required for the ROPC flow. <\/li>\n<li>Select <b>Save.<\/b> <\/li>\n<li>In the left menu, select <b>Manifest<\/b> to open the manifest editor. <\/li>\n<li>Set the <b>oauth2AllowImplicitFlow<\/b> attribute to true and select <b>Save. <\/b><\/li>\n<p><iframe loading=\"lazy\" width=\"665\" height=\"340\" allowfullscreen=\"\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/02\/Register-Hexnode-Access-app-on-Microsoft-Azure-portal.mp4\"><\/iframe> <\/p>\n<li>Once you have registered the app in the Microsoft Entra ID portal, return to the <strong>Integrations<\/strong> tab in the Hexnode UEM portal to continue configuring the authentication settings.\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Microsoft-Entra-ID.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Microsoft-Entra-ID.png\"title=\"Manage login on mac using Cloud IdP - Configure Microsoft Entra ID\" alt=\"The Integrations tab provides an option to set up Microsoft Entra ID as the Cloud IdP for managing Mac logins\" width=\"750\" height=\"500\"><\/a> <\/p>\n<ol style=\"list-style-type: lower-alpha;\">\n<li><strong>Configuration Name:<\/strong> Enter a name for the configuration.<\/li>\n<li><strong>Identity provider:<\/strong> Choose <strong>Microsoft Entra ID<\/strong> from the drop-down menu.<\/li>\n<li><strong>Client ID:<\/strong> Enter the Application\/Client ID of the registered app from the Microsoft Entra ID portal. 
It is used to authenticate the user.<\/li>\n<li><strong>Tenant ID\/ROPG ID:<\/strong> Enter the Tenant ID\/ROPG (Resource Owner Password Grant) ID of your Microsoft Entra ID portal.<\/li>\n<li><strong>Client secret:<\/strong> Enter the client secret of the registered app, which is known only by the app and your IdP.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<h4>2. Google Workspace<\/h4>\n<p><strong>Configure authentication by:<\/strong> Admins can choose to move forward either using the Google Workspace domains already added to the Hexnode UEM portal, creating OAuth credentials in Google Cloud or by uploading an LDAP certificate. Select the preferred method from the drop-down. <\/p>\n<p><strong>Google Workspace domains added to Hexnode portal:<\/strong> Admins can choose domains listed under <strong>Admin<\/strong> > <strong>Google Workspace<\/strong> in the Hexnode UEM portal to configure the authentication. <\/p>\n<ul>\n<li><strong>Domains:<\/strong> Select one or more domains from the drop-down.<\/li>\n<li><strong>Allow access for all users:<\/strong> Mark the checkbox if all the user groups in the above-selected domains should be given access to the device. <\/li>\n<li><strong>Allow access only for:<\/strong> If all the user groups in the selected domains aren\u2019t given access, specify the ones that should be given access to the device. <\/li>\n<\/ul>\n<p><strong>Creating OAuth credentials in Google Cloud:<\/strong> OAuth credentials have to be created for the Hexnode Access app in Google Cloud. <\/p>\n<h5>How to create OAuth credentials for Hexnode Access? <\/h5>\n<ol>\n<li>Log in to <a href=\"https:\/\/console.cloud.google.com\/welcome?project=enrollment-server&#038;pli=1\" rel=\"noopener\" target=\"_blank\">Google Cloud<\/a>. <\/li>\n<li>Click on the <strong>Navigation menu<\/strong> icon at the top left corner of the page and navigate to <strong>APIs and Services<\/strong> > <strong>Credentials<\/strong>. 
<\/li>\n<li>Click <strong>Create Credentials<\/strong> and select <strong>OAuth Client ID<\/strong>. <\/li>\n<li>Select <strong>Web Application<\/strong> from the <strong>Application type<\/strong> drop-down.<\/li>\n<li>Enter <em>Hexnode Access<\/em> in the Name field. <\/li>\n<li>Click <strong>Add URI<\/strong> under <strong>Authorized Redirect URIs<\/strong> and enter a valid URI. The URI will be of the format <a href=\"https:\/\/www.portalname.hexnodemdm.com\/gsuite_devicelogin_callback\" rel=\"noopener\" target=\"_blank\">https:\/\/portalname.hexnodemdm.com\/gsuite_devicelogin_callback<\/a> . Replace <code>portalname<\/code> with the corresponding Hexnode UEM portal\u2019s name.  <\/li>\n<li>Click <strong>Create<\/strong>.\n<p><iframe loading=\"lazy\" width=\"720\" height=\"380\" allowfullscreen=\"\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/02\/Register-Hexnode-Access-app-on-Google-Admin-console.mp4\"><\/iframe>\n<\/li>\n<li>Once you have registered the app and generated OAuth credentials in Google Cloud, return to the <strong>Integrations<\/strong> tab in the Hexnode UEM portal to continue configuring the authentication settings.\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Google-Workspace.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Google-Workspace.png\"title=\"Manage login on mac using Cloud IdP - Configure Google Workspace\" alt=\"The Integrations tab provides an option to set up Google Workspace as the Cloud IdP for managing Mac logins\" width=\"750\" height=\"500\"><\/a> <\/p>\n<ol style=\"list-style-type: lower-alpha;\">\n<li><strong>Configuration Name:<\/strong> Enter a name for the 
configuration.<\/li>\n<li><strong>Identity provider:<\/strong> Choose <strong>Google Workspace<\/strong> from the drop-down menu.<\/li>\n<li><strong>Client ID:<\/strong> Enter the Application\/Client ID of the registered app from the Google Workspace portal. It is used to authenticate the user.<\/li>\n<li><strong>Client secret:<\/strong> Enter the client secret of the registered app, which is known only by the app and your IdP. <\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/ul>\n<p><strong>LDAP Certificate:<\/strong> Admins can create and upload an LDAP certificate to set up authentication for Google Workspace domains listed under <strong>Admin > Google Workspace<\/strong>. <\/p>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Note:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<br \/>\nLDAP certificate-based authentication makes use of the <em>Secure LDAP<\/em> service. Make sure your Google Workspace account is subscribed to the required <a href=\"https:\/\/workspace.google.com\/pricing\" rel=\"noopener nofollow\" target=\"_blank\">pricing plan<\/a>.<br \/>\n    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<h5>Create LDAP certificate for Hexnode Access:<\/h5>\n<ol>\n<li>Login to the <a href=\"https:\/\/admin.google.com\/\" rel=\"noopener\" target=\"_blank\">Google Admin portal<\/a>.<\/li>\n<li>Click on the <strong>Main menu<\/strong> icon at the top left corner of the page. <\/li>\n<li>Navigate to <strong>Apps > LDAP<\/strong>.<\/li>\n<li>Click <strong>ADD CLIENT<\/strong>.<\/li>\n<li>In the <strong>LDAP client name<\/strong> field, enter <em>Hexnode Access<\/em> and provide a description for the client. <\/li>\n<li>Click <strong>Continue<\/strong>. 
<\/li>\n<li>On the next page, set up the access permissions based on your organization&#8217;s requirements.<\/li>\n<li>Click <strong>ADD LDAP CLIENT<\/strong>. <\/li>\n<li>A confirmation window will appear indicating that the LDAP client was successfully created.<\/li>\n<li>Click on the <strong>Download certificate<\/strong> option to download a zip file containing the LDAP certificate.<\/li>\n<p><iframe loading=\"lazy\" width=\"630\" height=\"343\" allowfullscreen=\"\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/How-to-create-LDAP-certificate-for-Hexnode-Access.mp4\"><\/iframe>  <\/p>\n<\/ol>\n<p><strong>Choose file:<\/strong> Select the downloaded zip file containing the LDAP certificate. <\/p>\n<h4>3. Okta<\/h4>\n<p><strong>Configure authentication by:<\/strong> Admins can choose to move forward either using the Okta domains already added to the Hexnode UEM portal or by creating a new app registration in the Okta domain. Select the preferred method from the drop-down. <\/p>\n<p><strong>Okta domains added to Hexnode portal:<\/strong> Admins can select the domains listed under <strong>Admin > Okta<\/strong> in the Hexnode UEM portal to configure the authentication. 
<\/p>\n<ul>\n<li><strong>Domains:<\/strong> Select one or more domains from the drop-down.<\/li>\n<li><strong>Allow access for all users:<\/strong> Mark the checkbox if all the user groups in the above-selected domains should be given access to the device.<br \/>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Note:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<br \/>\nWhen <a href=\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/okta-integration-with-hexnode-mdm\/#\" target=\"_blank\">configuring Okta domains<\/a> under <strong>Admin > Okta<\/strong>, if the <strong>Sync target<\/strong> is set to <strong>Selected groups<\/strong>, then even if <strong>Allow access for all users<\/strong> is enabled, only the selected groups will have access.<br \/>\n    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<\/li>\n<li><strong>Allow access only for:<\/strong> If all the user groups in the selected domains shouldn\u2019t be given access to the device, specify the ones that should be given access.<\/li>\n<\/ul>\n<p><strong>Creating a new app registration in the Okta domain:<\/strong> A new app registration has to be created for the Hexnode Access app in the Okta domain.<\/p>\n<h5>How to register Hexnode Access with Okta?<\/h5>\n<ol>\n<li>Login to the Okta portal.<\/li>\n<li>Open the <strong>Admin<\/strong> console for your organization. <\/li>\n<li>Navigate to <strong>Applications > Applications<\/strong> to view the current app integrations. <\/li>\n<li>Click on <strong>Create App Integration<\/strong>.<\/li>\n<li>Select <strong>OIDC &#8211; OpenID Connect<\/strong> as the <strong>Sign-in method<\/strong>. <\/li>\n<li>For the <strong>Application type<\/strong>, select <strong>Native Application<\/strong>, then click <strong>Next<\/strong>. 
<\/li>\n<li>Enter a name for your app integration.<\/li>\n<li>Click on <strong>Advanced<\/strong> in the <strong>Grant type<\/strong> section and select <strong>Resource Owner Password<\/strong>. <\/li>\n<li>Navigate to Sign-in redirect URIs and add the URI. The URI will be of the format: <a href=\"https:\/\/portalname.hexnodemdm.com\/okta_devicelogin_redirect\" rel=\"noopener\" target=\"_blank\">https:\/\/portalname.hexnodemdm.com\/okta_devicelogin_redirect<\/a>.<br \/>\nReplace <code>portalname<\/code> with the name of the corresponding Hexnode UEM portal.\n<\/li>\n<li>Click <strong>Save<\/strong>.<\/li>\n<li>The application will be created successfully, and you then need to configure the <strong>Client secret<\/strong>.<\/li>\n<li>On the home screen of the newly registered application under the <strong>General<\/strong> tab, click <strong>Edit<\/strong>.<\/li>\n<li>Select the option <strong>Client secret<\/strong> corresponding to the <strong>Client authentication<\/strong>. <\/li>\n<li>Click <strong>Save<\/strong> under the <strong>CLIENT SECRETS<\/strong> section.<\/li>\n<li>A client secret will be generated.\n<p><iframe loading=\"lazy\" width=\"600\" height=\"343\" allowfullscreen=\"\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/How-to-register-Hexnode-Access-with-Okta.mp4\"><\/iframe>\n<\/li>\n<li>Once you have registered the app in the Okta portal, return to the <strong>Integrations<\/strong> tab in the Hexnode UEM portal to continue configuring the authentication settings.\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Okta.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Okta.png\"title=\"Manage login on mac using 
Cloud IdP - Configure Okta\" alt=\"The Integrations tab provides an option to set up Okta as the Cloud IdP for managing Mac logins\" width=\"750\" height=\"500\"><\/a> <\/p>\n<ol style=\"list-style-type: lower-alpha;\">\n<li><strong>Configuration Name:<\/strong> Enter a name for the configuration.<\/li>\n<li><strong>Identity provider:<\/strong> Choose <strong>Okta<\/strong> from the drop-down menu.<\/li>\n<li><strong>Client ID:<\/strong> Enter the Application\/Client ID of the registered app from the Okta portal. It is used to authenticate the user.<\/li>\n<li><strong>ROPG ID:<\/strong> Enter the Tenant ID\/ROPG (Resource Owner Password Grant) ID of your Okta portal (e.g., dev-123456.okta.com).<\/li>\n<li><strong>Client secret:<\/strong> Enter the client secret of the registered app, which is known only by the app and your IdP.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><strong>Select configuration:<\/strong> The configured app registrations will be visible in this drop-down menu, allowing for the selection of the desired one. Alternatively, the <strong>Create new configuration<\/strong> option can be chosen, which will redirect you to the Integrations tab for configuring a new app registration.<\/p>\n<p><strong>Hexnode Access in the Integrations tab:<\/strong> By default, the Integrations tab in the Admin console features a Hexnode Access tile. Here, you can create new app registrations in the corresponding Cloud Identity Provider (IdP) portal. 
Also, the Hexnode Access tile displays a list of policies configured using the associated app registration.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Hexnode-Access-tile-in-the-Integrations-tab.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Hexnode-Access-tile-in-the-Integrations-tab.png\"title=\"Hexnode Access tile in the Integrations tab\" alt=\"Image showing the Hexnode Access section located within the Integrations tab\" width=\"750\" height=\"500\"><\/a> <\/p>\n<p><strong>Scheduled sync:<\/strong><br \/>\nChoose the time interval for synchronizing the identity provider&#8217;s user list with Hexnode from the drop-down:<\/p>\n<ul>\n<li>Every 12 hours<\/li>\n<li>Every 24 hours<\/li>\n<li>Every 2 days <\/li>\n<li>Every 4 days <\/li>\n<li>Every week<\/li>\n<\/ul>\n<h3>Account settings:<\/h3>\n<p>Set up account settings according to various identity providers (IdP). 
<\/p>\n<h5>When choosing domains added to Hexnode portal:<\/h5>\n<ul>\n<li>Set user type of newly created user to Admin: When enabled, all new users created on the device will be assigned admin privileges.<\/li>\n<li>Set Admin user type only for: If admin privileges are not required for all users, specify the users who should be granted admin privileges.<\/li>\n<li>Migrate local account to network accounts: Check this option to migrate existing local accounts to network accounts.<\/li>\n<\/ul>\n<h5>For the option \u201ccreating app registration with IdP\u201d:<\/h5>\n<ul>\n<li>Set user type of newly created user to Admin: When enabled, all new users created on the device will be assigned admin privileges.<\/li>\n<li>Migrate local account to network accounts: Check this option to migrate existing local accounts to network accounts.<\/li>\n<\/ul>\n<h5>For the option \u201cLDAP Certificate\u201d:<\/h5>\n<p>Migrate local account to network accounts: Check this option to migrate existing local accounts to network accounts. <\/p>\n<h3>Login settings: <\/h3>\n<p>You can adjust the login settings to manage authentication processes, improving both security and user experience. <\/p>\n<ul>\n<li>Sync password with cloud account: When this option is checked, the local account password will be synchronized with the network password. 
If unchecked, users will be prompted to set a new password for their local account.\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Notes:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<\/p>\n<ul>\n<li>If a passcode policy is present on the device, any changes to the local account and Cloud IdP passwords must meet the criteria specified in the passcode policy.<\/li>\n<li>For Microsoft Entra ID and Okta, the \u201cSync password with cloud account\u201d option is only functional when authentication is configured through app registrations. For Google Workspace, this option works only when authentication is <a href=\"#create-ldap-certificate-for-hexnode-access\" target=\"_blank\" rel=\"noopener noreferrer\">configured via an LDAP certificate<\/a>.<\/li>\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<\/li>\n<li>Allow Offline Access: Checking this option permits users to bypass network authentication and use the local login button at the login screen to authenticate locally.<\/li>\n<li>Allow offline access only for: When the Allow Offline Access option is enabled, you can specify user group names to restrict offline access to only those groups.<\/li>\n<li>Limit Offline Access: Check this option if you want users to re-authenticate online using their Cloud IdP credentials after a set period of time.<\/li>\n<li>Require authentication every: If the option Limit Offline Access is checked, select the frequency for re-authentication from the drop-down:\n<ol>\n<li>Every login<\/li>\n<li>Every 15 days <\/li>\n<li>Every 30 days <\/li>\n<li>Every 45 days <\/li>\n<li>Every 60 days <\/li>\n<li>Every 90 days <\/li>\n<li>Every 120 days <\/li>\n<li>Every 180 days <\/li>\n<\/ol>\n<\/li>\n<li>Fallback to local login: Check this option to fall back to local login when the device has no network 
connection.<\/li>\n<\/ul>\n<h3>Login Window Appearance<\/h3>\n<p>You can personalize the appearance of the Hexnode Access login window on the device with this setting. <\/p>\n<ul>\n<li><strong>Set login page background<\/strong> \u2013 Upload an image to set as the login page background.<\/li>\n<li><strong>Blur background image<\/strong> \u2013 Adjust the slider to blur the background image.<\/li>\n<li><strong>Login page logo<\/strong> \u2013 Upload an image to set as the login page logo.<\/li>\n<li>Customize placeholder: Customize the login window placeholders to your preferred language, especially beneficial for organizations where English is not the primary language. Click the Preview button to see how the login window will appear with the customized placeholders.<\/li>\n<\/ul>\n<h3>Advanced Settings<\/h3>\n<p>You can improve the Hexnode Access login by adding additional options to the device&#8217;s login window, which are helpful for the login process. <\/p>\n<ul>\n<li>Allow access to network settings: Mark the checkbox to allow users to connect to a network from the login window. 
If enabled, click <strong>Network Settings<\/strong> on the login page and select a network to connect to.<\/li>\n<li>Help URL: Add a link that may be resourceful to the users when logging into the device or during enrollment and onboarding.<\/li>\n<li>Backup help file: Upload a file that the users can access in case they cannot connect to a network and are unable to open the help URL.<\/li>\n<\/ul>\n<h3>FileVault Settings<\/h3>\n<p>FileVault can be activated when the first user logs into the device via Hexnode Access.<\/p>\n<ul>\n<li>Enable FileVault: Select this option to activate FileVault upon user login.<\/li>\n<li>Save FileVault recovery key: Check this option to store the FileVault recovery key on the device.<\/li>\n<li>Set recovery key file path: Specify the location where the FileVault recovery key needs to be saved.<br \/>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Notes:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<\/p>\n<ul>\n<li>This feature is only available for devices enrolled through DEP.<\/li>\n<li>If the FileVault recovery key file path is either incorrect or not provided, the key will be saved by default at the following location:\n<p><code>\/Library\/Application Support\/HexnodeMDM\/Help\/RecoveryKey.txt<\/code><\/li>\n<li>FileVault cannot be enabled by associating the Hexnode Access policy in the DEP profile for a Mac, that was previously DEP-enrolled in another MDM with FileVault disabled in it. If that\u2019s the case, then the device must be wiped and re-enrolled to enable FileVault. To wipe the device from the Hexnode portal,\n<ol>\n<li>Navigate to <strong>Manage<\/strong> tab. <\/li>\n<li>Click on the device to be wiped, and from the <strong>Actions<\/strong> drop-down, select <strong>Wipe Device<\/strong>. <\/li>\n<li>Enter the Find My Mac pin and configure the other settings. 
<\/li>\n<li>Then, click on <strong>Wipe<\/strong>.<\/li>\n<\/ol>\n<p>On wiping, the device will be re-enrolled only if the option <strong>Enroll devices in MDM<\/strong> is enabled in the DEP configuration profile associated with your DEP account.\n<\/li>\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<\/li>\n<\/ul>\n<h3>EULA Settings<\/h3>\n<p>You can distribute <em>End User License Agreement (EULA)<\/em> for users to acknowledge. To do this, you can select a pre-configured EULA from the drop-down. Alternatively, the <strong>Add new EULA<\/strong> option from the drop-down can be chosen, which will redirect you to the <strong>Admin<\/strong> tab for configuring a new EULA. <\/p>\n<p>To configure EULA, navigate to <strong>Admin > EULA > Add<\/strong>.  <\/p>\n<p>Clicking the <strong>Add<\/strong> button will open a window where you can enter the <strong>EULA Title<\/strong> and the content for the EULA, which can be provided as either a <strong>Custom Link<\/strong> or <strong>Custom Text<\/strong>. <\/p>\n<h3>Login scripts<\/h3>\n<p>You can choose a script that should be executed on logging into the device. The supported file formats include Perl (.pl), Bash (.sh), Shell (.sh), C Shell (.csh), Zsh (.zsh), Korn Shell (.ksh), Hypertext Preprocessor (.php), Ruby (.rb), and Python (.py). <\/p>\n<p><strong>Choose script file source<\/strong> \u2013 The script can be either uploaded directly from the device or selected from the Hexnode repository if the file is already added to <strong>My Files<\/strong> under the <strong>Content<\/strong> tab in the Hexnode UEM portal. Alternatively, if the Hexnode repository is selected, you also have the option to generate scripts using <strong><a href=\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/create-scripts-with-ai-powered-terminal-script-generator-hexnode-genie\/\" target=\"_blank\" rel=\"noopener noreferrer\">Hexnode Genie<\/a><\/strong>. 
<\/p>\n<p><strong>File name<\/strong> \u2013 On uploading files, the file name field will be auto-populated. If Hexnode repository is chosen as the file source, select a file from the <strong>File name<\/strong> drop-down.   <\/p>\n<p><strong>Binary path<\/strong> \u2013 Binary path will be auto-populated depending on the type of the selected file. <\/p>\n<p><strong>Arguments<\/strong> \u2013 If necessary, specify the arguments that would be required in the script. <\/p>\n<p>Please go through our detailed document on <a href=\"https:\/\/www.hexnode.com\/mobile-device-management\/help\/how-to-run-scripts-on-mac-using-hexnode-mdm\/\" rel=\"noopener\" target=\"_blank\">how to execute custom scripts on macOS devices<\/a> for better insight.  <\/p>\n<h2>Associate policies with macOS devices<\/h2>\n<p>If the policy has not been saved: <\/p>\n<ul>\n<li>Navigate to Policy Targets.<\/li>\n<li>Click on Devices\/ Device Groups\/ Users\/ User Groups\/ Domains. <\/li>\n<li>Choose the targets and click OK and then Save. <\/li>\n<\/ul>\n<p>If you have the policy saved already:<\/p>\n<ul>\n<li>Go to the Policies tab and choose the desired policy.<\/li>\n<li>Click on the Manage drop-down and select Associate Targets. <\/li>\n<li>Choose the target entities and click Associate. You can choose devices, users, groups, and domains as the policy targets. <\/li>\n<\/ul>\n<h2>What happens at the device end?<\/h2>\n<p>Once the policy is associated with the device, the user can either log in as usual to the local accounts or choose the <strong>Log in with work account<\/strong> option. 
<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Hexnode-Access-login-screen.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Hexnode-Access-login-screen.png\"title=\"Hexnode Access login screen\" alt=\"Login screen after associating Hexnode Access policy\" width=\"750\" height=\"500\"><\/a><\/p>\n<p>By clicking <strong>Log in with work account<\/strong>, the user can log in using their IdP credentials.<\/p>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Note:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<br \/>\nIf FileVault is enabled on the device, the Hexnode Access screen will not appear during startup. Instead, the Mac\u2019s native login screen is displayed, requiring the local account password to unlock FileVault. Once unlocked, the Hexnode Access screen is activated, prompting users to log in with their IdP account credentials configured during setup.\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-credentials.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-credentials.png\"title=\"Manage login on mac using Cloud IdP credentials\" alt=\"Log in to Mac using IdP credentials\" width=\"750\" height=\"500\"><\/a><\/p>\n<p>Once authentication is complete, the user will have the option to connect to an already existing local account or to create a new one.  
<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Connect-to-an-already-existing-local-account-or-create-a-new-one.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Connect-to-an-already-existing-local-account-or-create-a-new-one.png\"title=\"Connect to an already existing local account or create a new one\" alt=\"Options to either connect to an existing local account or create a new one \" width=\"750\" height=\"500\"><\/a><\/p>\n<p>On clicking <strong>Connect<\/strong>, the user will be prompted to enter the password of the corresponding local account. <\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Connect-to-an-existing-local-account.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Connect-to-an-existing-local-account.png\"title=\"Connect to an existing local account\" alt=\"Enter password to the selected existing local account\" width=\"750\" height=\"500\"><\/a><\/p>\n<p>On clicking <strong>Skip<\/strong>, the user will be prompted to set a password for the new local account that is being created. Once it is done, the user will be logged into the device. 
<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Create-a-new-local-account.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Create-a-new-local-account.png\"title=\"Create a new local account\" alt=\"Create a new local account to connect with the idp credentials \" width=\"750\" height=\"500\"><\/a><\/p>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Notes:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<\/p>\n<ul>\n<li>Users can connect their cloud identity to a local account only if the selected local account is password protected.<\/li>\n<li>The configurations applied using the Login Window Preferences policy will become ineffective once the Hexnode Access policy is associated with the device.<\/li>\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n<h5>Linking Hexnode Access policy in the Apple DEP tab<\/h5>\n<p>When setting up a DEP Configuration Profile, you can associate it with a pre-configured Hexnode Access policy. This allows users to log in with their IdP credentials immediately after completing the DEP enrollment process. 
<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Option-to-associate-Hexnode-Access-policy-within-the-DEP-profile-configuration-tab.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Option-to-associate-Hexnode-Access-policy-within-the-DEP-profile-configuration-tab.png\"title=\"Option to associate Hexnode Access policy within the DEP profile configuration tab\" alt=\"Image showing the option to link a Hexnode Access policy within the DEP profile configuration tab\" width=\"750\" height=\"500\"><\/a><\/p>\n<h5>View local accounts created through Hexnode Access policy<\/h5>\n<p>You can view the local accounts created via Hexnode Access, along with the corresponding IdP account details, under the <strong>Local Accounts<\/strong> tab in the device details section of the Hexnode UEM portal. A filter is available here, allowing you to distinguish between accounts created by Hexnode Access and those created by the System. 
<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Local-accounts-created-via-hexnode-access.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Local-accounts-created-via-hexnode-access.png\"title=\"Local accounts created via hexnode access\" alt=\"Info showing local accounts created through Hexnode Access or not\" width=\"750\" height=\"500\"><\/a><\/p>\n<h2>Password update and expiry scenarios for local and Cloud IdP accounts<\/h2>\n<p>After applying the Hexnode Access policy to the devices, if either the local account password or the Cloud Identity Provider (IdP) password is changed or expires and is not yet synced, users must authenticate with the updated password to ensure that both the device and the cloud passwords are aligned.<\/p>\n<p>The following are three scenarios that occur when the local account or Cloud IdP password is either updated or expires.<\/p>\n<h4>Scenario 1: When the local account password is changed<\/h4>\n<p>A prompt to update the local account password appears when there is a mismatch between the local account and Cloud IdP password. To sync with the Cloud IdP, users must authenticate using the updated local account password. 
<\/p>\n<ul>\n<li><strong>Case 1:<\/strong> <em>If the local account password is changed when the user is logged in:<\/em>\n<p>The user will be prompted to enter the current local account password to update it.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-local-account-password.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-local-account-password.png\"title=\"Update local account password\" alt=\"Prompt for updating the local account password \" width=\"750\" height=\"500\"><\/a>\n<\/li>\n<li><strong>Case 2:<\/strong> <em>If the local account password is changed and the user is logged out:<\/em>\n<p>If the local account password is changed and the user is subsequently logged out of the device, the user will need to log in using the new password. After the successful login, the new password will be automatically synced with the Cloud IdP, eliminating the need for manual password update via the Cloud IdP console.<\/li>\n<\/ul>\n<h4>Scenario 2: When the Cloud IdP password is changed<\/h4>\n<p>When the Cloud IdP account password is modified through the cloud console, the device screen will display a prompt, instructing the user to update their Cloud IdP password. <\/p>\n<ul>\n<li><strong>Case 1:<\/strong> <em>If the Cloud IdP password is changed when the user is logged in:<\/em>\n<p>The user will receive a prompt to enter the new Cloud IdP password to sync it with their local account. 
<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-Cloud-IdP-password-user-logged-in.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-Cloud-IdP-password-user-logged-in.png\"title=\"Update Cloud IdP password- user logged in\" alt=\"Prompt for updating the Cloud IdP password\" width=\"750\" height=\"500\"><\/a>\n<\/li>\n<li><strong>Case 2:<\/strong> <em>If the Cloud IdP password is changed when the user is logged out:<\/em>\n<p>At the device\u2019s login screen, the user will be prompted to enter the new Cloud IdP password to sync it with the local account.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Re-enter-the-new-cloud-password-user-logged-out.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Re-enter-the-new-cloud-password-user-logged-out.png\"title=\"Re-enter the new cloud password: user logged out\" alt=\"Prompt for entering the new cloud password when the user is logged out\" width=\"750\" height=\"500\"><\/a>\n<\/li>\n<\/ul>\n<h4>Scenario 3: When the Cloud IdP password is expired<\/h4>\n<p>If the Cloud IdP password has expired, a prompt to update the password will appear on the device screen. 
<\/p>\n<ul>\n<li><strong>Case 1:<\/strong> <em>If the Cloud IdP password is expired when the user is logged in:<\/em>\n<p>Initially, a pop-up will appear requesting the Cloud IdP password to verify the account.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Pop-up-for-entering-the-current-Cloud-IdP-password-during-expiry.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Pop-up-for-entering-the-current-Cloud-IdP-password-during-expiry.png\"title=\"Pop-up for entering the current Cloud IdP password - during expiry\" alt=\"Prompt to enter the current Cloud IdP password when logged in and the password has expired\" width=\"750\" height=\"500\"><\/a><\/p>\n<p>After account verification, a prompt to update the Cloud IdP password will be displayed.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Cloud-IdP-password-is-expired-when-the-user-is-logged-in.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Cloud-IdP-password-is-expired-when-the-user-is-logged-in.png\"title=\"Cloud IdP password is expired when the user is logged in\" alt=\"Notification that the Cloud IdP password has expired and needs updating \" width=\"750\" height=\"500\"><\/a><\/p>\n<p>Clicking on the \u201cUpdate Password\u201d option will redirect to a page where the user needs to enter the Cloud IdP account email address.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Enter-Cloud-IdP-email-address.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" 
src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Enter-Cloud-IdP-email-address.png\"title=\"Enter Cloud IdP email address\" alt=\"Prompt to enter the Cloud IdP account email address\" width=\"750\" height=\"500\"><\/a><\/p>\n<p>After entering the email address, a pop-up will appear allowing the user to update the Cloud IdP password. <\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-Cloud-IdP-password-after-expiry-user-is-logged-in.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-Cloud-IdP-password-after-expiry-user-is-logged-in.png\"title=\"Update Cloud IdP password after expiry: user is logged in\" alt=\"Prompt to update the Cloud IdP password after it has expired, while logged in\" width=\"750\" height=\"500\"><\/a><\/p>\n<\/li>\n<li><strong>Case 2:<\/strong> <em>If the Cloud IdP password is expired when the user is logged out:<\/em>\n<p>First, the user will need to re-enter the Cloud IdP password to synchronize with the local account.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Re-enter-cloud-password-during-expiry.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Re-enter-cloud-password-during-expiry.png\"title=\"Re-enter cloud password: during expiry\" alt=\"Prompt for re-entering the Cloud IdP password during the password expiry\" width=\"750\" height=\"500\"><\/a><\/p>\n<p>After re-entering the password, a warning message about the expired password will appear, prompting the user to enter the Cloud IdP email address.<\/p>\n<p><a 
href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Cloud-IdP-password-is-expired-when-the-user-is-logged-out.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Cloud-IdP-password-is-expired-when-the-user-is-logged-out.png\"title=\"Cloud IdP password is expired when the user is logged out\" alt=\"Warning message indicating the Cloud IdP password has expired and requires an update\" width=\"750\" height=\"500\"><\/a><\/p>\n<p>After verifying the email address, a prompt to update the password will be shown on the login screen.<\/p>\n<p><a href=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-Cloud-IdP-password-after-expiry-user-is-logged-out.png\"target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Update-Cloud-IdP-password-after-expiry-user-is-logged-out.png\"title=\"Update Cloud IdP password after expiry: user is logged out\" alt=\"Prompt for updating the Cloud IdP password after expiry: user logged out\" width=\"750\" height=\"500\"><\/a>\n<\/li>\n<\/ul>\n    \t\t<div class=\"hts-messages hts-messages--info  hts-messages--withtitle hts-messages--withicon \"   >\r\n    \t\t\t<span class=\"hts-messages__title\">Notes:<\/span>    \t\t\t    \t\t\t\t<p>\r\n    \t\t\t\t\t<\/p>\n<ul>\n<li>The interface displayed on the device screen for password updates may vary depending on the Cloud IdP provider chosen during Hexnode Access policy configuration.<\/li>\n<li>The password update prompt will only appear during the scheduled sync period.<\/li>\n<\/ul>\n<p>    \t\t\t\t<\/p>\r\n    \t\t\t    \t\t\t\r\n    \t\t<\/div><!-- \/.ht-shortcodes-messages -->\r\n    \t\t\n","protected":false},"excerpt":{"rendered":"<p>Hexnode 
Access is a feature that allows users to log in to their macOS devices using cloud IdP (identity provider) credentials. We&#8217;ve all experienced the ease of using cloud credentials when asked to sign up\/log in to websites or apps instead of creating new credentials for each of them. Similarly, logging into macOS devices is [&hellip;]<\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[122,115],"tags":[],"class_list":["post-38506","post","type-post","status-publish","format-standard","hentry","category-security-macos","category-managing-mac-devices"],"acf":[],"yoast_head_json":{"title":"Manage login to Macs using cloud identity providers with Hexnode Access - Hexnode Help Center","description":"Simplify macOS logins with Hexnode UEM\u2019s IdP integration. Learn how to manage login on Mac using Cloud IdP with Hexnode Access.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/","og_locale":"en_US","og_type":"article","og_title":"Manage login to Macs using cloud identity providers with Hexnode Access - Hexnode Help Center","og_description":"Simplify macOS logins with Hexnode UEM\u2019s IdP integration. 
Learn how to manage login on Mac using Cloud IdP with Hexnode Access.","og_url":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/","og_site_name":"Hexnode Help Center","article_published_time":"2022-01-19T04:11:34+00:00","article_modified_time":"2025-08-20T07:14:56+00:00","og_image":[{"url":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Microsoft-Entra-ID.png","type":"","width":"","height":""}],"author":"Shandwani Wilson","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Shandwani Wilson","Est. reading time":"21 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/","url":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/","name":"Manage login to Macs using cloud identity providers with Hexnode Access - Hexnode Help 
Center","isPartOf":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/#primaryimage"},"image":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Microsoft-Entra-ID.png","datePublished":"2022-01-19T04:11:34+00:00","dateModified":"2025-08-20T07:14:56+00:00","author":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/9c55b1a76922ceb501d158a7e884b5b3"},"description":"Simplify macOS logins with Hexnode UEM\u2019s IdP integration. Learn how to manage login on Mac using Cloud IdP with Hexnode Access.","breadcrumb":{"@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/#primaryimage","url":"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Microsoft-Entra-ID.png","contentUrl":"https:\/\/cdn.hexnode.com\/mobile-device-management\/help\/wp-content\/uploads\/2024\/08\/Manage-login-on-mac-using-Cloud-IdP-Configure-Microsoft-Entra-ID.png","width":2326,"height":1236,"caption":"The Integrations tab provides an option to set up Microsoft 
Entra ID as the Cloud IdP for managing Mac logins"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/manage-login-to-macs-using-cloud-identity-providers-with-hexnode-access\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/"},{"@type":"ListItem","position":2,"name":"Manage login to Macs using cloud identity providers with Hexnode Access"}]},{"@type":"WebSite","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#website","url":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/","name":"Hexnode Help Center","description":"Mobile Device Management Help","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/9c55b1a76922ceb501d158a7e884b5b3","name":"Shandwani Wilson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9bfc8a6f8b0cbfc72d6468889b02d47e92848b44ff2d3c9f40df487bda9cd549?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9bfc8a6f8b0cbfc72d6468889b02d47e92848b44ff2d3c9f40df487bda9cd549?s=96&d=mm&r=g","caption":"Shandwani 
Wilson"}}]}},"_links":{"self":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts\/38506","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/comments?post=38506"}],"version-history":[{"count":46,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts\/38506\/revisions"}],"predecessor-version":[{"id":55357,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/posts\/38506\/revisions\/55357"}],"wp:attachment":[{"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/media?parent=38506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/categories?post=38506"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexnode.com\/mobile-device-management\/help\/wp-json\/wp\/v2\/tags?post=38506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}