Issues with Password based Platform SSO

We are using Apple's PSSO to federate device login to our own IdP. We have developed our own extension app and deployed it using MDM. Things work fine, but there are 2 issues that we are trying to get to the root cause of:

  1. On some devices, after restarting, we see an error message on the login screen saying "The <Company Name> registration for this device is invalid and must be repaired"
  2. The other error message is "SmartCard configuration is invalid for this account"

For the 1st, we have figured out that this happens when the registration doesn't complete fully and the key is not tied to the user, so when the disk needs to be decrypted at the FileVault screen the issue is raised.

For the "SmartCard configuration is invalid for this account" issue, one aspect is also invalid registration, but there have been other instances where the devices were registered completely and the above error was still raised. We verified that the registration was completed by checking whether the SmartCard containing the key is visible in the System Report.

Has anyone seen the above issues, and is there any possible resolution for them?
