1. IdP-based account creation for macOS Automated Device Enrollments

You can now enforce Keycard-based account creation during macOS ADE, allowing users to sign in with their IdP credentials right at first boot—eliminating local account creation and keeping credentials in sync from day one.

What’s new

  • Create macOS user accounts during ADE using IdP credentials via Keycard enforcement

  • Prevent local account creation and post-setup account conversion

  • Automatically download and configure the Scalefusion agent during the ADE flow

  • Ensure account name and password remain aligned with IdP credentials from first use

Note: Apple Platform SSO remains the recommended approach for Microsoft Entra and Okta environments where supported.

2. OneIdP SSO Support for ADFS

OneIdP now supports authentication via Active Directory Federation Services (ADFS). In on-prem or hybrid AD environments, you can now extend modern conditional access and identity controls to both legacy and cloud services.

What’s new

  • Configure OneIdP as the authentication and authorization source for ADFS

  • Support both Microsoft 365 and fully on-prem service environments

  • Apply OneIdP conditional access policies to ADFS-based authentication flows

  • Enable SSO without requiring direct AD connectors

3. Prefilled email for Google Workspace SSO

Users signing in from Google Workspace can now enjoy a smoother SSO experience with automatic email prefilling during OneIdP and Keycard authentication flows.

With this feature, users can: 

  • Receive email as a login hint from Google Workspace

  • Auto-populate email fields in OneIdP sign-in screens

  • Reduce friction and duplicate input during authentication

4. Location Collection for Linux Devices

Scalefusion now supports location tracking for Linux inventory, giving you consistent visibility across platforms, even on devices without GPS hardware.

  • Enable location tracking from either Global Settings or device profiles, with support for multiple location providers, including Google Chrome (default), Google Maps API keys for higher accuracy, and GPS hardware for IoT or specialized devices. 

  • When needed, the system seamlessly uses IP-based location as an additional method to maintain consistent location visibility.

Note: Location accuracy is tied to existing plan tiers (Basic to Fleet Tracking).

5. The all-new Apple configuration experience

We’ve introduced a redesigned Apple configuration framework that allows you to create reusable policies and apply them across multiple profiles with ease.

What’s new

  • iOS: You can now configure and deploy Notifications, SSO Extension, and Kerberos SSO Extension payloads through the new Apple configuration experience, making it easier to manage identity and access settings across iOS devices.

  • macOS: A broader set of controls is now available, including Notifications, SSO Extension, Platform SSO Extension, Kerberos SSO Extension, and Privacy Preferences Policy Control (PPPC) payloads, giving IT admins more flexibility and precision when managing macOS security and authentication policies.

  • Improvements to Custom Payloads: Custom payloads have been reimagined as Custom Configurations, making Apple policy management more modular and easier to maintain. You can now push multiple configurations independently, associate them with different profiles, and simplify testing, rollout, and ongoing maintenance of payloads.

Note: All existing custom payloads have been automatically migrated into a new configuration entry.

6. Generic improvements

Several refinements have been made to improve accuracy and consistency in admin management and automation workflows. 

  • Global Admin identification in the Device Details > UAM section is now more reliable, and Global Admin account creation using custom properties has been streamlined. 

  • As part of this enhancement, support for user-level ($user) custom properties in Global Admin creation has been retired, while device-level ($device) properties continue to be supported. 

  • Additionally, script execution behavior has been tightened to ensure scripts run only when Run On Publish is explicitly enabled.