Feb 7, 2022, The 1Kosmos Team

Integrating 1Kosmos with macOS

1Kosmos now supports passwordless MFA for macOS desktops without requiring any additional hardware. Workforce users can authenticate to their workstation through a push alert sent to the 1Kosmos mobile app.

Supported macOS Versions

  • macOS Catalina (10.15)
  • macOS Big Sur (11)

Prerequisites

Administrators will require access to:

  • 1Kosmos Admin Portal
  • Active Directory NDES (Infrastructure that supports SCEP)
  • macOS CP Package

End users will require access to:

  • Workstation (Installed with 1Kosmos CP)
  • 1Kosmos Mobile app (Registered with their AD account)

Installation & Setup

The credential provider (CP) package for macOS is based on a virtual smartcard architecture and authenticates AD-managed users based on the user’s certificate received from the admin portal. Automation scripts ensure easy installation and uninstallation across an enterprise.

For AD-managed users who are enrolled for workstation login, a SCEP certificate is generated during initial enrollment of their smartphone on the 1Kosmos app. End users are not expected to take any additional steps to enable workstation logins.

Workstation Login with Push Notifications

Users are presented with the ‘Login with 1Kosmos’ option that enables them to send a push alert to the 1Kosmos app for their registered AD account. Clicking ‘Approve’ automatically allows login to the workstation.

Unlock Workstation with 1Kosmos

Use the push notification to unlock the workstation from the 1Kosmos mobile app.

Login to an Offline Workstation

The credential provider can automatically detect that your workstation is offline and prompt for an Offline OTP. Offline OTP codes are available on the 1Kosmos mobile app and rotate every 30 seconds. Entering the Offline code will unlock the workstation.

Keychain Considerations

Installing the credential provider on macOS creates a new keychain for the existing user. Please note that the local user’s existing keychain can no longer be accessed. In upcoming releases, we plan to remove the need to create a new keychain for the same user.