Configure browsers for agentless Desktop Single Sign-on on Mac

Make sure that the macOS host is a Windows domain member. For instructions on adding a macOS host to a Windows domain, see macOS Sierra: Join your Mac to a network account server.

Safari

DSSO is enabled automatically in Safari on macOS.

Chrome

Use Terminal or a device manager such as Jamf to update the Chrome AuthServerWhitelist and AuthNegotiateDelegateWhitelist policies to include <org>.kerberos.okta.com. In the commands, org stands for the same <org> value:

defaults write com.google.Chrome AuthServerWhitelist org.kerberos.okta.com

defaults write com.google.Chrome AuthNegotiateDelegateWhitelist org.kerberos.okta.com

Chromium Edge

Use Terminal or a device manager such as Jamf to update the Edge AuthServerAllowlist and AuthNegotiateDelegateAllowlist policies to include <org>.kerberos.okta.com. In the commands, org stands for the same <org> value:

defaults write com.microsoft.Edge AuthServerAllowlist org.kerberos.okta.com

defaults write com.microsoft.Edge AuthNegotiateDelegateAllowlist org.kerberos.okta.com
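
An added example, not from the original page: a shell script that applies the Chrome and Edge settings above for one org and reads each value back to confirm it. The function names and the DRY_RUN switch are assumptions made for this example. The org name is restricted to a single DNS label so that no wildcard or extra host ends up in the lists that control where the browser sends Kerberos credentials.

```shell
#!/bin/sh
# Added example (not Okta's code). Function names and DRY_RUN are hypothetical.

# Build <org>.kerberos.okta.com, accepting only a single DNS label.
# Rejects empty input, dots, wildcards, spaces and shell metacharacters.
kerberos_host() {
    case "$1" in
        ""|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    printf '%s.kerberos.okta.com\n' "$1"
}

# Preference domains and policy keys exactly as given on this page.
policy_targets() {
    cat <<'EOF'
com.google.Chrome AuthServerWhitelist
com.google.Chrome AuthNegotiateDelegateWhitelist
com.microsoft.Edge AuthServerAllowlist
com.microsoft.Edge AuthNegotiateDelegateAllowlist
EOF
}

# Write each policy, then read it back and compare with the intended value.
# With DRY_RUN=1, or when the macOS `defaults` tool is absent, only print
# the commands that would be run.
apply_policies() {
    host=$(kerberos_host "$1") || { echo "invalid org name: $1" >&2; return 2; }
    rc=0
    while read -r domain key; do
        if [ "${DRY_RUN:-0}" = 1 ] || ! command -v defaults >/dev/null 2>&1; then
            echo "defaults write $domain $key $host"
            continue
        fi
        defaults write "$domain" "$key" "$host"
        actual=$(defaults read "$domain" "$key" 2>/dev/null)
        if [ "$actual" != "$host" ]; then
            echo "MISMATCH $domain $key: '$actual'" >&2
            rc=1
        fi
    done <<EOF
$(policy_targets)
EOF
    return $rc
}

# Run as: sh script.sh <org>
if [ "$#" -gt 0 ]; then apply_policies "$1"; fi
```

A non-zero exit status means the org name was rejected (2) or a value read back from the preferences did not match what was written (1).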

Firefox

  1. Open the Firefox web browser, enter about:config in the Address bar, and press Enter.

  2. If the Proceed with Caution message appears, click Accept the Risk and Continue.

  3. In the Search preference name field, enter network.negotiate-auth.trusted-uris.

  4. Click Edit, enter <org>.kerberos.okta.com, and click Save.

Next steps

Enable agentless Desktop Single Sign-on