3 weeks ago
Testing out Platform SSO for Entra ID and would like to see y'all's experience.
- Here's our situation: Technicians create a standard local account with a temp password. The Platform SSO config profile gets installed with the "Password" method of authentication through Jamf Pro without Connect. Then MSCP gets installed. Once the app is installed, the notification to register appears and we have the user register and sync their network account password.
- For all users, PC and Mac, we utilize ManageEngine's AD SelfService Portal to update or reset their passwords. This would be our way for our Mac users to change their passwords and then re-authenticate on their Mac in System Settings > Users & Groups > "User" > Authenticate to sync their new password.
I'm still early in trying to discover what the user experience is, but my question is: what happens when a user's password is expiring or is expired?
What I have seen is the user can still log in with their expired password and then can re-authenticate. But is there anything stopping the user from just not syncing their password and just using their expired password to log in forever?
What happens if the user forgets their expired password (FileVault is enabled)?
Lastly, we currently use Kerberos SSO and the Extension that is in the top menu bar is enabled to change their password there when connected to our internal network, and it also shows us password age and gives notifications when the password is 2 weeks away from expiring.
Are there any services with Platform SSO that do these things?
Let me know your thoughts! Thanks
3 weeks ago
Update: If the user updates their password through the AD Self Service Portal, there is a notification prompt to sign in, as authentication is required. This can be done from the Users & Groups menu in System Settings or on the login screen; the new password can be entered and will update for the Mac local account tied to SSO.
Still would love to hear from anyone! Thanks!