Configure browsers for agentless Desktop Single Sign-on on Mac

Make sure that the macOS host is a Windows domain member. For how to add your Macintosh OS/X host to a Windows domain, see macOS Sierra: Join your Mac to a network account server.


DSSO is enabled automatically in Safari on OS/X. 


Use Terminal or a device manager such as Jamf to update the Chrome AuthServerWhitelist and AuthNegotiateDelegateWhitelist policy registers to include <org>

defaults write AuthServerWhitelist

defaults write AuthNegotiateDelegateWhitelist

Chromium Edge

Use Terminal or a device manager such as Jamf to update the AuthServerAllowlist and AuthNegotiateDelegateAllowlist policies to include <org>

defaults write AuthServerAllowlist

defaults write AuthNegotiateDelegateAllowlist


  1. Open the Firefox web browser, enter about:config in the Address bar, and press Enter.
  2. If the Proceed with Caution message appears, click Accept the Risk and Continue.
  3. In the Search preference name field, enter network.negotiate-auth.trusted-uris.
  4. Click Edit, enter <org>, and click Save.

Next steps

Enable agentless Desktop Single Sign-on