> For the complete documentation index, see [llms.txt](https://docs.intunemacadmins.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.intunemacadmins.com/platform-single-sign-on-psso/configure-psso.md).

# Configure PSSO

{% hint style="info" %}
Due to being phishing resistant and generally more secure we will show how to setup PSSO with Secure Enclave in Intune. Alternatively you can follow this guide and select one of the other authentication methods.
{% endhint %}

Before we begin, just a heads up that you can find the official guide by Microsoft here: <https://learn.microsoft.com/en-us/mem/intune/configuration/platform-sso-macos#step-1---decide-the-authentication-method>

While the article by Microsoft goes in detail about the differences of each method and what to choose when, we will focus on the configuration policy.

Here is the final configuration profile:

![PSSO Configuration Profile](/files/5zuq1lE3mcAaNzmsLDGN)

### Import the policy

1. You can [download a ready to use PSSO policy from here](https://github.com/ugurkocde/intunemacadmins/blob/main/content/.gitbook/assets/PSSO/PSSO_Configuration_Policy.json). Right click and select "Save as ..." to save it locally on your device.
2. Go to the [Intune Portal](https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMacOsMenu/~/configuration) and sign in.
3. Select Create -> Import Policy and Upload the .json file that you have downloaded earlier.

### Create the policy manually

1. Go to the [Intune Portal](https://intune.microsoft.com) and sign in.
2. Go to Devices -> macOS -> Configuration or use this Link: [macOS | Configuration](https://intune.microsoft.com/#view/Microsoft_Intune_DeviceSettings/DevicesMacOsMenu/~/configuration)
3. Select Create -> New Policy -> Profile Type is Settings Catalog
4. Give the policy a name and click on next
5. You can find the Platform SSO Settings in the Settings picker at Authentication -> Extensible Single Sign On (SSO) -> Platform SSO ![PSSO Settings Picker](/files/in3dxLrVIbKG2eJl8VcP)
6. For our configuration policy please select the following settings from the list:
   1. Platform SSO:
      1. Authentication Method
      2. Use Shared Device Keys
   2. Registration Token
   3. Screen Locked Behavior
   4. Team Identifier
   5. URLs
7. After selecting the above settings your profile should look like the following screenshot: ![PSSO Configuration Profile](/files/PQpIfUdtS9nErg2pEiFi)
8. We can now configure the settings. Here is a working example: ![PSSO Configuration Profile](/files/5zuq1lE3mcAaNzmsLDGN)
9. After that, you can add scope tags and assign the policy.
10. Done :)

This video shows the user experience:

{% embed url="<https://www.youtube.com/watch?v=goccqHf4QS4>" %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.intunemacadmins.com/platform-single-sign-on-psso/configure-psso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.