Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:


How to setup Two-Factor Authentication (2FA/MFA) for MacOS

With the pace of password-based security breaches, simply using usernames and passwords to secure a MacOS is no longer an option. That’s why it has become necessary to add an additional layer of two-factor authentication security to filter out unauthorized users.

miniOrange's MacOS MFA prevents these sorts of Password-Based breaches and adds an additional layer of security. As the MacOS 2FA / MFA feature is enabled, users have to authenticate themselves in two successive stages to access their Mac machines. The first level of authentication happens using their usual Mac credentials. For the second level of authentication, admins can choose from the wide range of 15+ MFA authentication methods that miniOrange offers.

miniOrange 2FA Credential Provider for MacOS access supports following Multi-Factor Authentication (2FA/MFA) Methods:-

Authentication TypeMethodSupported
miniOrange Authenticator Soft Token
miniOrange Push Notification
Mobile Token Google Authenticator
Microsoft Authenticator
Authy Authenticator
SMS with Link
EmailOTP Over Email
Email with Link
Call VerificationOTP Over Call
Hardware Token YubiKey Hardware Token
Display Hardware Token

Get Free Installation Help - Book a Slot

miniOrange offers free help through a consultation call with our System Engineers to Install or Setup Multi-Factor Authentication (2FA) for MacOS Logon in your environment with 30 days trial.

For this, you need to just send us an email at idpsupport@xecurify.com to book a slot and we'll help you setting it up in no time.

Prerequisites for MacOS MFA

  • miniOrange Cloud Account or Onpremise Setup.
  • Enroll Users in miniOrange before Configuration:
    1. The username of the user in miniOrange should be the same as in MacOS Username.
    2. This is required so that the service can prompt the appropriate 2FA for the customer based on the defined policy and provide secure access to machine.
    3. There are multiple methods to add users in miniOrange.
      1. Admin can add end users
      2. Setup user provisioning from your existing identity source or Active directory.

Step by step guide to setup Multi-Factor Authentication (2FA/MFA) for MacOS Logon

1. Setup your miniOrange dashboard for MacOS 2FA

In this step, we are going to setup your Two-Factor Authentication (2FA) preferences, such as:

  • Which users should be asked for 2FA during MacOS logon.
  • What 2FA methods can they use.

1.1 Adding app and policy for 2FA

  • Login into miniOrange Admin Console.
  • Go to Apps and click on Add Application button.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • In Choose Application Type click on Desktop application type.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • Add macOS app on miniOrange.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • Add App Name.
  • MacOS Multi-Factor Authentication 2FA/MFA mention app name

  • Select Login Method as Password and Enable 2-Factor Authentication (2FA).
  • Select Login method as Two-Factor Authentication

  • Click on Save.

1.2 Choose which 2FA options the users can use

  • Go to 2-Factor Authentication >> Choose 2FA Options for End User
  • Choose 2FA method for enduser

  • Disable the methods you don’t want your users to configure or use for MFA
  • Disable 2FA methods which you don't want to show up

2. Setup miniOrange Two-Factor Authentication (2FA/MFA) Provider for MacOS

  • Download the module from here.
  • Extract the macOSMFA.zip folder and unzip it. Afterward, navigate to the macOSMFA directory via terminal.
  • Give the execute permissions to the script via running this command in the terminal:
  • chmod +x installer_config.sh

    MacOS Multi-Factor Authentication 2FA/MFA

  • Run below command to generate configured installer:
  • ./installer_config.sh

    MacOS Multi-Factor Authentication 2FA/MFA

  • You will be asked for some configuration details. To fill in these details, login to your miniOrange admin account on Cloud or On Premise.
  • Click on the Settings icon on top right corner.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • Copy the Customer Key and API key.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • Now, Go to Apps and copy the name of the macOS application created in Step 1.
  • MacOS Multi-Factor Authentication 2FA/MFA

    Allow user to login if user is not present in miniOrange true If user is not present in miniOrange he/she can login without MFA
    false If user is not present in miniOrange, he/she can’t login
    Allow user to login if Policy is not configured for User true If user is not present in Policy group he/she can login without MFA
    false If user is not present in Policy group he/she can’t login
  • Paste the values of Customer key, API Key, App name and the values from table above in the terminal and press enter.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • A new installer should be generated with the name macOSMFAConfigured.pkg. Use this pkg to install MFA on macOS machines.

3. Configure MFA on Staff Machines

  • Transfer the macOSMFAConfigured.pkg to the machines where you intend to set up MFA.
  • Open terminal and run command:
    xattr -dr com.apple.quarantine /path/to/macOSMFAConfigured.pkg
  • Run the installer.

4. Test the Multi-factor Solution

  • Logout from the machine. You should see the screen below.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • When you click on your username, it will ask for the password. Fill your password and press Enter.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • After entering the password it will prompt you for 2nd factor authentication.
  • MacOS Multi-Factor Authentication 2FA/MFA

  • After 2FA verification is successful, you will be logged in.

5. Uninstall the Multi-factor Solution

  • To remove MFA from your system run macOSMFAUninstaller.pkg from the downloaded folder and logout from the machine.

External References

Want To Schedule A Demo?

Request a Demo

Our Other Identity & Access Management Products