XCreds supercharges your Mac login window. Use your Azure, Google Cloud, Okta or any OpenID Connect password to log in to your Mac. XCreds verifies the password with your identity provider and saves the tokens to the user keychain for validation that the cloud password is in sync with the local password. Perfect.
Brand new Mac? No worries! XCreds will provision the user account, home directory and all that you need for first log in. All you need to do is log in. If WiFi is not set up, XCreds allows you to select a wireless network for that first connection. Easy as that.
XCreds uses configuration profiles for all settings. Create the configuration profile using Profile Creator and drop it into your MDM. Done.
Getting on a plane and no WiFi but still need to log in? Want to log in as a local user or an admin account? XCreds can easily switch to the standard macOS Login Window. Just like that.
XCreds works by keeping your local Mac password in sync with your Identity Provider password. If you use Azure or Google or another identity provider, XCreds will make sure the password is the same. XCreds runs in the background and checks if the cloud password has been changed. If it detects the password has changed, it prompts to log in to the cloud provider and updates the local password and the keychain password automatically.
Log in with local Active Directory user accounts right from the XCreds login window. Even if the user has not logged in before, a local account will be provisioned and the local password will be set to the Active Directory password. Once the user has logged in, a kerberos ticket will be requested for Active Directory Single Sign-On. On subsequent logins, the local password will be updated to match the Active Directory password.
XCreds is open source software so you can deploy it to all your Macs, audit the code, make changes, and know that it will be around when you need it. If you need support for your organization, there is a public Slack channel on MacAdmins Slack.
When the local password is different from cloud passwords, it can drive up support costs. Using XCreds, any change in the cloud password is detected and the local password is updated along with the login keychain.
We’ve added functionality to our Signing Service via Gate and Token Manager! These apps can now issue certificates on their own.