Ntiva Live: Apple for Business

Connecting Macs to Google, Okta, and Microsoft 365

Episode Overview

In this episode, Ben and Ross discuss how to better manage your Apple enterprise by connecting with Google, Microsoft 365, and other SSO and AD platforms.

Sign Up Today

Complete the form to register for the Ntiva Apple for Business Livestream series. You’ll get an email reminder before each livestream, plus an email with a link to the recording in case you miss any of the live events.

Episode Transcript - Connecting Macs to Google, Okta, and 365

 

Ben Greiner:

Hi, everyone. Today is Tuesday, October 5, 2021, livestreaming from Chicago. I'm Ben Greiner, director of Apple technology at Ntiva. And with me is Ross Matsuda, our systems administrator focused on Apple technology. Today, we are discussing how to connect your Macs to Google, Okta, or Microsoft 365, otherwise known as Azure AD, and we'll talk more about that and what that means in a minute. But first, some recent Apple news. And before I get into that, how are you, Ross?

Ross Matsuda:

I'm fighting the good fight. How about yourself?

Ben Greiner:

Good. I'm going with the light background today. We'll see how that works.

Ross Matsuda:

Yeah. It's hypnotic.

 

Apple News

Ben Greiner:

Yeah, yeah. So here I'm going to share my screen. Something that came up recently... Let's see. Something that came up on the support desk a few times is this idea of HEIC files, and I don't know if you're supposed to pronounce it. I'm not even going to try. I'm just going to say HEIC. Are you familiar with this, Ross?

Ross Matsuda:

I am. I am, or loosely, I suppose I should say. If memory serves, all you had to do in there is go into the actual files, change the file type, just overwrite that HEIC to .JPEG. Yeah.

Ben Greiner:

Yeah. Well, on the Mac, that probably works. I don't know if it works on a Windows machine.

Ross Matsuda:

Oh, okay.

Ben Greiner:

But, yeah. Apple changed their file format for storing files on an iPhone, or really anywhere I guess. And it stands for high efficiency image file, that's HEIC. And although you can set your devices to not use this format, you're kind of doing a disservice by having larger files than you need. So this is a very, as it says, high efficient, high efficiency image file means things are smaller, but better quality, so it is nice. It's just that some applications when sharing these files from photos, they don't know how to convert them or deal with them.

Ben Greiner:

So you send somebody a file format, especially on the Windows side, that they don't know how to deal with. And I've ran into it a few times on my own computer when I just airdrop something from an iPhone to my Mac, and I've discovered that it was this file format. And as you pointed out, Ross, you can just change the file format, it opens up, but for a Windows machine, there's an article here, and we will post it in the notes, but it talks about how you can convert this for Windows, how to convert to JPEG on Windows. So I just wanted to share that. I also wanted to mention that yesterday was Siri's 10th birthday, and I haven't wished her a belated happy birthday today to see what she says, but if you wished her happy birthday yesterday, she would say something specific to the birthday wish.

Ben Greiner:

So that was kind of interesting. And today is the 10th anniversary of Steve Jobs' death. And if you go to Apple's webpage, they had a tribute to him here, and they've got a nice little film. It's only a couple of minutes long. So if you're interested in that, check it out. Hard to believe it's been 10 years. Do you remember where you were, Ross, when that news was announced, Steve Jobs?

Ross Matsuda:

Oh, jeez. Not specifically, but I was a retail employee at the time, so I'm [crosstalk 00:03:29].

Ben Greiner:

Oh, you were? Okay.

Ross Matsuda:

A lot going on back then, yeah.

Ben Greiner:

So you worked for Apple at the time?

Ross Matsuda:

Yeah, yeah. I was at the Genius Bar for about six years, six and a half years. Yeah, in one of the stores.

Ben Greiner:

Yeah. Yeah. Yeah, so I'm sure that was a huge deal at the store. I remember I was having dinner with my wife, we had just dropped the boys off at Scouts. It was our wedding anniversary. Today is our wedding anniversary and-

Ross Matsuda:

Well, happy anniversary.

Ben Greiner:

Yeah, thank you. Yeah, and we all knew I think that it was going to happen, but Apple secrecy, no one knew exactly when, and so I remember it was a little bit of a shock. Let's see. I wanted to go to Apple Newsroom. Oh, I started the video. Can you hear the music by the way?

Ross Matsuda:

Yeah, I'm not getting anything coming through here, which is probably for the [crosstalk 00:04:21].

Ben Greiner:

Okay. Yeah. I didn't mean to start the video. We don't need to do that. I'm going to go to Apple Newsroom. Jeez, come up. Let me move my screen sharing out of the way. Okay, here we go. apple.com/newsroom. I just wanted to point out that Apple did update their iWork suite, and apparently, they still call it iWork, Ross. I've seen that name kind of come and go over the years, but iWork is a nice summary of a way to describe numbers, Pages, Keynote, which is most equivalent to Microsoft Word, Excel, and not Portfolio.

Ross Matsuda:

PowerPoint.

Ben Greiner:

PowerPoint. Thank you. PowerPoint. And Apple updated these. Some of the new features are in preparation for Monterey, which we still don't know when Monterey is shipping. Right, Ross?

Ross Matsuda:

Yeah, no release date yet. Beta 8 has been on the ground for about a week. I haven't seen any really substantial changes in my testing there, but everyone is kicking around their ideas. We're all hoping it'll be this month or next month, just a question of when.

Ben Greiner:

Yeah. And I actually really enjoy using these apps. I use them when I can, although I also live in a Windows world where I do use the Microsoft Office apps, and you can interchange them a little bit. There's translation that goes on, so it's not... I wouldn't totally recommend putting a file back and forth between Pages and PowerPoint, or Word and Pages, although it technically can be done. But I will say one of the frustrating parts for me, and I think you, Ross, is the way Apple handles these updates, especially if you use collaboration. So we have a handful of clients who use Keynote collaboration, and they love it. It works great.

Ben Greiner:

The problem is Apple releases an update, of course they don't tell us. We learn about it, typically, when a client calls in and says, "Hey, I can't collaborate on this Keynote file." And that's because one person on the team updated Keynote, and now that update has affected the collaboration. Everyone has to be on the exact same version of Keynote. Is that correct?

Ross Matsuda:

Close enough. So the way that this works is that, for example, a while ago, there was an update to iCloud that was pretty substantial. It added a bunch of new features, and your existing iCloud account before that update went through could still hang out and still do its thing. But if you went into icloud.com, or you updated the operating system on your phone or your Mac to the newer operating system, part of that process would say, "Hey, great. We're going to update your iCloud ID to work with these new features." You hit okay, and as soon as you do that, that cloud information gets changed, right? And so now it's compliant with the brand new stuff Apple has put out, works great. Every other device that was looking at that information online now needs to get those OS updates or upgrades in order to talk to it.

Ross Matsuda:

This is the same thing that's happening with Keynote. And so when one user at an organization updates to a newest version of Keynote when the stuff launches, as soon as they touch a file that's stored on the cloud, especially if it's used for collaboration, that file says, "Oh great. I'm working on the brand new version, that means I can enable all these features." And it writes some information into the document to support that. Well, once that's done, that's it, there's no way to really walk that back. And so anyone else who hasn't run this update yet, they touch that file, they're going to get notified that, "Oh, this has been edited by a user in the brand new version of Keynote. You need to update your version of Keynote in order to read it.

Ross Matsuda:

In a vacuum that's not a huge deal, but because Apple is pretty aggressive with the necessary operating system that needs to be installed to run some of these, that's where we see some problems. And in this situation, a lot of the features in the newest version of Keynote are Big Sur exclusives. I say Big Sur and Monterey, even though Monterey has not been launching, and so we're seeing some organizations that now need to get as many people as they can on their creative team who are using these collaboration documents. Everyone has got to get on Big Sur. Good news is Big Sur is incredibly mature operating system by this point. So I believe we're on version 11.6. 11.6.1 is a security update that we're expecting soon, that's currently in beta for the dev community to take a look at. So the upgrades are doable, but it can be fairly jarring to get everyone there in a rush.

Ben Greiner:

Yeah. Yeah. And so the general message here, and it's not just Keynote, it applies to almost all the collaboration tools out there, whether it's a Box, or what's another? Office has collaboration tools. You really all need... Adobe has collaboration tools. Everyone on your team needs to be running the same version of the software. And so before you update anything, check with your team to make sure everyone is ready for that change, because it does cause workflow disruptions, and we do our best to keep everyone up to date or at the same level, but it is a real challenge. And we also try to balance helping somebody versus locking them down to the point where they can't do some of the things that they need to do on their own.

Ben Greiner:

And, Ross, I know you and I have talked about this. How can we prevent people from breaking their Keynote collaboration other than locking them out of the app store, or Apple fixing it, like putting up a screen saying, "Hey, are you sure you want to do this," before you take the next step. So we'll keep working on that.

 

Identity Management Software

Okay. So let's get to our main topic, 10 minutes in. So our main topic is really about Addigy... or, no, not... Yes, Addigy. Well, it's about identity management, and specifically, Addigy Identity. And then clearly I'm going to struggle with these words today. So let me share another screen I have, which is the Keynote. And I'm going to put Keynote into a window which works much better. That's one of the relatively new features. And then I'm going to share that window here. Keynote. Okay. You see the Apple and Ntiva logo, Ross?

Ross Matsuda:

Yep. Looking...

Ben Greiner:

Okay. And now you see a Mac, actually, a Mac M1 representation, or at least taken online, and Apple got rid of their Apple logo from the front, so it's hard to even know that is an Apple these days, which is surprising. But this is your standard version of MacOS login screen if you're running Big Sur, and typically, you'd have your own login. Here's mine. You'd have in Ntiva's login, that's our administrative login. You may have others. There may be others specific to your client log in. You may have a client admin login, but this is a general representation of what it looks like. And with Addigy Identity, what we're talking about is replacing that screen with your identity management provider. And a lot of people don't know if they even have an identity management provider, but those that run either Google or Office 365 do have one, because it ships with those solutions.

 

Connecting Your Mac to Microsoft 365, Google, and Okta

Ben Greiner:

And I'll talk a little bit more about that in a minute, but the general concept is instead of sending your employees to log in to their machines using their Mac username and password, they're going to log in using their email and password, and maybe even two-factor that they use to log in to their primary service for email, which in this case in this screen grab is Office 365. So let's see. Let me get to the next slide. So I talked about the way this works. Microsoft 365, which really relies on Azure Active Directory, which is different than Active Directory. Active Directory is a long-standing directory service that has been around for decades, is mostly on-premise. In fact, I don't think there really is a off-premise Active Directory server. I mean service. I guess you-

Ross Matsuda:

No, not to the best of the my knowledge.

Ben Greiner:

Okay.

Ross Matsuda:

You're going to be running on a local server at one of your offices if you're connecting to AD.

Ben Greiner:

Yeah. So Microsoft Azure is the sort of cloud next generation version of Active Directory, and then Google Workspace has their own directory. And Okta is a more of a identity provider that is built for the cloud, that spans all services, all devices, and it's also very popular, if you do have a need that goes beyond Azure Active Directory or Google Workspace. So we have clients using Okta, or JumpCloud is another one. OneLogin would be a third as an example, and there are pros and cons to and reasons why people would use different solutions. And in fact, we have used Microsoft Office 365. I think it's just called Microsoft 365 now. It was Office 365, now it's Microsoft 365. We've used that for years, even before we joined Ntiva. When we were Forget Computers, we were using it.

Ben Greiner:

And we tried using Azure Active Directory as our directory, and at the time, it was both frustrating, and honestly, we didn't have the knowledge to take full advantage of it. So we ended up using JumpCloud. Actually, we used OneLogin, and then we used JumpCloud. But now that we're part of Ntiva, and they have the deep resources in Microsoft 365, they have people who know Azure Active Directory, and I think it's gotten a little easier as well. So it's more closely tied, or I feel we're using it much more than we did OneLogin or JumpCloud In the past. All that being said, most everyone has a identity management provider, whether they know it or not, or they could take more advantage of something like Okta, or their existing solutions.

Ben Greiner:

In this presentation, we want to just focus on Addigy Identity. So let's take a look at how that works. And the basic concept is we take your Cloud Directory, we tie it to Addigy, and then Addigy replaces your login screen. And you can see we have our Apple, or we have our Ntiva logo in this screen. Everything else is provided by Microsoft, and if I were to log into this, these are screen grabs, obviously, but if I were to log into this, I would enter my email. I'd enter my password. Oh, I want to mention you can also brand not just the logo, you can brand the background as well, if you want to have a corporate color or something, or you can put your corporate logos in there, or whatever you fancy. Here, I threw some bunnies, and squirrels, and hearts in here just for fun.

Ross Matsuda:

Bold choice.

Ben Greiner:

Yeah. And this can identify that this is your... I know we have a lot of clients who love branding and identifying. They're branding experts, so they'll brand the background, and we can provide the dimensions. You send them to us, we'll put them in the system, and you can have your own logo and your own background. We're not going to make Ross do that work. You have to provide the images. We're only going to provide the dimensions and the specs.

Ross Matsuda:

That's very kind of you. I appreciate that.

Ben Greiner:

Yeah. So if I were logging in here, the one thing that would be unique to our situation is we also use Duo for two-factor authentication when logging into Office 365. So if I were to log into my Mac, I would be presented with this screen where I enter my email address. I enter my password, and then, eventually, I'm prompted for the Duo authentication. And there's some options there, and I can accept it on my watch or my phone, but that is the integration, and that's what it looks like when logging into your Mac. We'll talk about some pros and cons of that later, but that is the concept of how it works.

Ben Greiner:

They're showing Microsoft login in real time, and in this case, the two-factors is a text. They're showing Okta authentication. I've not used Okta, but concepts are the same. And they talk about just in time account creation, and what that means, "Just in time," and I don't think that... I'm going to pause it here for a minute, because I don't think the video represents what just in time is.

Ben Greiner:

Just in time is the idea that you can take a Mac that, typically, out of the box, but it could already be out of the box and connected it to the internet, and if you sit down at that Mac, that is tied to Active Directory, and tied to your directory, and you have an account on that directory, even if you've never had an account on that machine, it will create one for you just in time. Right? So if Ross sat down at my machine and typed in his credentials at the Addigy Identity login screen, which would be Microsoft, actually, Microsoft login screen, Addigy Identity would create an account for Ross on my computer at that time, just in time. Did I get that right, Ross?

Ross Matsuda:

Yeah. Spot on. It really just mimics. If you've been used to using a local Active Directory setup, it's the same basic idea, right? Where you can sit in front of a machine you've never been to before, especially if you're an IT or an administrator, you've got a way to get into that computer, right? It's you type in your network credentials, and it'll spin up an account for you to use keeping your data separated from everyone else's. One wonderful thing to note about this especially when users are adding Addigy Identity, when they're already in production. Right?

Ross Matsuda:

So for computers that you've had for years, and people are using them, as soon as you turn on identity, when you log in for the first time, if it sees that there are some user accounts already on the Mac, it'll give you the option to connect your online identity with one of the local accounts. And that way it'll know that, "Oh, when this person signs in, go to this home folder," and it'll also sync up your login password to match the one from your identity provider. It's a great quality of life feature.

Ben Greiner:

Yeah. That's super important. And I think we'll talk a little bit about that at the end, some of the rollout features. Ah, let me go back to this video, because I did want to just finish it. Let's see. Let's go back to Okta just in time. Okay. So it does the just in time, and then I think it does another demonstration. Yeah, multi-factor authentication showing Okta. We've got the Mac on the left. We've got an iPhone on the right, where in this case, the iPhone is going to produce the two-factor that we feed into the Mac. Local login, so if for any reason you want to bypass this and go straight into the local login, you have the option to do that, if we make it available to you. Synchronization, if you change your passcode on your identity provider at Office, at Google, at Okta, it forces you to sync up here locally.

Ben Greiner:

And then you also have some options for network connections and reverting back to the Mac OS login. So user authentication simplified, that's really the goal here, simplify. Instead of giving your employees another set of credentials that they need to remember, give them one set of credentials that they can use in the cloud and on their computer. And I know this is challenging. In fact, we just had a call over the weekend. One of our clients could not log in to their Mac. And it turns out this client had recently connected their Macs to their Cloud Directory. And the person trying to log in was using their old Mac credentials.

Ben Greiner:

This is the one time where they actually remembered their Mac credentials, but it wasn't correct. They needed their cloud credentials. They needed their email credentials. And once they were reminded of that, "Oh, yes. Thank you," they were able to get in. So there are some habits we have to break, and none of this is foolproof. But in fact, let's talk about in summary. We have a few more minutes left. In summary, what is this? Ross, I don't know if you want to add to this, but it's really, in my view, a way to simplify employee logins and standardize things to add to that.

Ross Matsuda:

Yeah. I think that's huge. It allows you to simplify the onboarding process. So the new Mac comes out of the box.

Ben Greiner:

Out of the box. Yep.

Ross Matsuda:

User doesn't need a separate local account. They can just log into the computer with their email account, makes new account for them, done. For existing users. It allows them to have their passwords linked up, and make it so if their password, worst case scenario, is ever compromised, they only have to change it in one place, and then that one change will affect their workstation as well, or any other things that are connected to that Identity provider. Yeah, that's probably the biggest, the most important gain that we get from Identity.

Ben Greiner:

Yeah. Which also means if you needed to for any reason lock someone out of their computer, although there are ways through MDM to lock a computer, you could also technically change their passcode in the cloud. And then when they tried to log in, if they didn't know that passcode, they would not be able to log into their computer.

 

Who Needs Addigy Identity?

Ben Greiner:

Yep. Okay. So who needs it? I would say any organization that has at least 10 employees or more could benefit from this, and 10 is just kind of an arbitrary number, but certainly anyone who is running Microsoft 365 or Google, we know you can take advantage of it. If you're using Okta, we know you can take advantage of it. If you're using some other single sign-on, contact us, and we can talk about if it's an option for you. Yeah. Anything else to add there, Ross?

Ross Matsuda:

No, I just think it's a great feature set if it's something that jives with your company culture.

Ben Greiner:

Yeah. For sure. And why do we need it? We talked about simplification. There's another aspect to it, and that is security. And there are ways that you can not just enforce the two-factor like we showed you, but you can actually require that. And when I say require it, when you provide two-factor authentication, like we showed them the demos, but you give people the ability to also bypass that and turn to a local account, which they also showed in the videos, you're kind of I wouldn't say cheating, but you're not enforcing two-factor. Meaning if someone understands how this works, full disclosure. We're always about full disclosure. If someone understands how this works, and they don't want to use two-factor and you give them the ability to bypass that, then they can certainly do that.

Ben Greiner:

Now, you can still change the passcode, and if you don't give it to them, they're not going to be able to log in, but they could bypass two-factor. So if you are super concerned about security, and there are other ways to secure Apple devices. It's always a defense in depth, right? Layers of protection. So this is just one layer out of many that you should have, but if you said, "Well, we have to be super secure. We have to require two-factor," then there is a way to not allow anyone to bypass that. And that sounds awesome. That sounds super secure, right, Ross? But there is a disadvantage, and I'll let you talk about the disadvantage.

Ross Matsuda:

So the reason that Addigy included those two bypasses, one that allows you to pick a list of users, just local accounts straight in the Addigy Identity window, the other one to just exit Addigy Identity, and go straight to the normal login window, is for if your computer is offline, if you're on a plane that doesn't have service, and if you're traveling, and you're just in a place where you don't have internet connectivity, your computer crashes, or you have another need to restart. If you can't reach your Identity provider, you need another way to get to the computer.

Ross Matsuda:

At this time, I've been in communication with Addigy, just kicking around ideas for ways to tighten this up a little bit more, but for the time being, if we turn off all of the alternate options, if we turn off that local login list, if we turn off the ability to exit Identity to get to the default login screen, if your computer is offline and can't speak to the Identity provider, you can't log into it. It's definitely a more drastic measure, but for situations where you have really high security compliance requirements, it can be a powerful tool. And so it's an option, know that it can be done.

Ben Greiner:

Yeah. And in that situation, it means you're not going to work on that computer until you get back onto the internet, and can validate that you're the right person who should be on that computer.

Ross Matsuda:

Yeah.

Ben Greiner:

So, yeah. It's certainly powerful. And where do we get Addigy Identity? So you need to be running Addigy. If you're a client of ours, especially a legacy Forget Computers, you're already running Addigy. So we can set you up with Addigy Identity. If you're an Ntiva client, we need to get you into the new system. The new system being Addigy. So I know we're working on that. We haven't completed it yet, but we're trying to get to all the Ntiva clients, and get them into the new system, so that we can give them additional benefits like this. So if you want to get started on this, let us know.

Ben Greiner:

And how do we make it work? Ross touched on this earlier, but a Mac with an M1 chip out of the box, super easy. You break the shrink wrap. You're using Apple Zero-Touch workflow. You take it out of the box. You need to connect it to the internet, there's no way around that. Once again, it's got to be connected to the internet to have that conversation with the mobile device management solution, and Addigy Identity, and Office, or Google to make all this work. Now, if you're in the field, meaning you already have devices in the field, a choice has to be made. It can certainly happen, and we did it with our own team. In fact, we did it twice in the past couple of years. We were running the beta, and then when we moved from Forget Computers to Ntiva, we had to make a change.

Ben Greiner:

Anyway, the point is, if you already have devices out in the field, there is a method by which you can log in and sync those accounts, meaning take your cloud account and your local account, and synchronize them, and make them the same. Now you're logging in with one set of credentials using Addigy Identity. I will say there is a little bit of a challenge, because even though it works, it is possible for somebody to click the wrong option, and essentially, create another account on their computer. Right? There's just no way around that. They have to follow the instructions, and if they don't, they're going to create a brand new, fresh account that will will work, it's just they'll wonder where all their stuff is. Right? Because they just created a brand new account.

Ben Greiner:

And there's a way to recover from that, but the point is communication. If you want to make this work in the field, you've got to communicate how to do it, when to do it, and of course, we're there to support you, but we need to work with you to make that happen. And I wanted to mention as well... Or maybe that applies more to the last one, when do we deploy it? We were just having a conversation, Ross and I, about when to deploy something. And it kind of came up that maybe we could deploy this when we moved to Monterey, but, Ross, you had a very good point, is anytime you're making changes in change management, you want to kind of reduce the amount of change. So if something happens, you know why it happened.

Ben Greiner:

And so we were talking about how it's probably not a good idea to deploy this when you're making another change, because even though we've had no issues with this, people tend to associate problems together. And maybe if you did associate this with the new operating system, and you had an issue with that operating system, people might blame it on Addigy Identity, and then they don't trust Addigy Identity. Even though technically it's not related, there's no reason for them to be upset in that way, it's just natural that we would do that. So I liked the idea, and I'm glad you mentioned it, Ross, that if you're going to deploy this, deploy it as it's a standalone project. I think you do want to be on... You don't have to be on Big Sur, do you, Ross? But you have to...

Ross Matsuda:

No, I believe this works in Catalina and later.

Ben Greiner:

Okay.

Ross Matsuda:

But it's on that note, I would certainly recommend you upgrade out of Mojave.

Ben Greiner:

Yeah, yeah.

Ross Matsuda:

So if you're running on any 10.14 computers, we will politely recommend that those get upgraded to Catalina or Big Sur before we proceed.

Ben Greiner:

Yeah. So really you should be on Big Sur. And if you're not, let us help you get there. And if you want to roll out Addigy Identity, let's focus on that as a project to make sure that it's working for you, and everyone is happy with it and understands it before you move on to something else like on OS upgrade. Okay. So that's Addigy Identity, and I want to mention... I'm going to stop sharing again. I want to mention that we're going to have a complimentary blog post to go with this, and it's going to be posted next Tuesday. So I think the idea is we're going to do livestream this week, follow up blog post the following week, and then we'll keep alternating in that way. So look for that.

Ben Greiner:

And I'm going to share my screen one more time, just to close out with if you go to Ntiva.com, under Apple for Business Livestreams, we do now have upcoming livestreams. We've got a schedule. So this is the one today. Our next one will be about distributing apps to your team, unless we have to bump any one of these to talk about Monterey. If Monterey surprises us, we may bump these, but we're going to be talking about that. And we also have past livestreams. We've now completed the past livestreams. It was previously going to YouTube. Now it's going here, where you can see more details.

Ben Greiner:

You can watch them, and you can see the transcript and search the transcript. So I think that's a lot more useful. Thank you, Holly and Corey, for making that happen. And I thought I had one more note. Blog post. Yeah, that was pretty much it. I did want to mention one thing, but maybe we'll save it for later. Yeah, we'll do it next time. So we'll see in two weeks. Ross, anything else you want to add before I cut us off?

Ross Matsuda:

No, that sounds great. Like Ben said, reach out if you have any questions about identity management. We're happy to assess where you're at, and maybe see what we can help you build.

Ben Greiner:

Oh, I'm going to add one more thing. One more thing. It was the question I wanted to address was in Addigy Identity there's one thing to be aware of. You do have to log in twice, and that throws people a bit at first. That's if your computer is encrypted. So if your computer is encrypted, which we strongly recommend, you have to unlock, decrypt the hard drive, before you can get to the login screen. And currently, Apple does not provide a way for the integration of a third party to happen at the level of FileVault. So small, small price to pay for the additional streamline of the process and security, but it is something to note. You will have to log in twice, as opposed to today, if you decrypt your hard drive at FileVault, and you're not talking to any third party identity provider, Apple will pass off those login credentials, and dump you into the Finder. Correct, Ross?

Ross Matsuda:

Yep. Spot on. Sounds good.

Ben Greiner:

Okay. Okay, cool. And that's all we got. See in two weeks. Thanks, everyone. Bye.

About the Ntiva Apple for Business Livestream

Ntiva’s Ben Greiner hosts the Ntiva Apple for Business livestream every other Tuesday from 12:00 to 12:30pm CT. These live events, presented by the Ntiva team of Apple experts, are sharply focused, easily digestible, and cover topics including the latest Apple/macOS/iOS technology updates, cybersecurity, data privacy, MDM and BYOD policies, and more! We take questions from the audience and share what's working—and not working—for us and others in the industry.

VIEW MORE LIVESTREAMS