Platform SSO user registration never starts after successful device registration during Setup Assistant

Question

Created 2d

Replies 2

Boosts 0

Participants 1

I’m testing a macOS Platform SSO extension deployed through Jamf, and I’m seeing an issue where device registration completes successfully during Setup Assistant, but user registration never gets triggered.

Current Platform SSO profile settings:

Authentication mode:Secure Enclave
Enable registration during setup:Enabled
Create first user during Setup:Enabled
New user creation authentication method:Password

Observed behavior:

The Platform SSO extension is discovered and loaded.
Device registration starts and completes successfully.
My extension’s device registration completion path is reached.
registrationDidCompleteis called.
The device configuration appears to be updated.
After that, I expect Platform SSO to call the user registration flow, but my extension’sbeginUserRegistration(...)is never invoked.

The strange part is that this only seems blocked at the user-registration handoff. Device registration during Setup Assistant works reliably.

Boost

Answer 1

siddhant-mac OP

1d

I was trying to debug this further by checking the setup assistant logs and I see below logs....

2026-05-20 10:08:50.666674+0530 0xc8dd  Error    0x5b0e1       4203  0  Setup Assistant: (AppSSOCore) [com.apple.AppSSO:SOErrorHelper] Error Domain=com.apple.AppSSO.AuthorizationError Code=-1000 "No valid IdP extension with bundle ID: <REDACTED_BUNDLE_ID>" UserInfo={NSLocalizedDescription=No valid IdP extension with bundle ID: <REDACTED_BUNDLE_ID>}

2026-05-20 10:08:50.666677+0530 0xc8dd   Default   0x5b0e1       4203  0  Setup Assistant: (AppSSO) [com.apple.AppSSO:SOExtensionFinder] findExtensionWithBundleIdentifier: (null), error: Error Domain=com.apple.AppSSO.AuthorizationError Code=-1000 "No valid IdP extension with bundle ID: <REDACTED_BUNDLE_ID>" UserInfo={NSLocalizedDescription=No valid IdP extension with bundle ID: <REDACTED_BUNDLE_ID>}

2026-05-20 10:08:50.666680+0530 0xc8dd   Error    0x5b0e1       4203  0  Setup Assistant: (AppSSO) [com.apple.AppSSO:SOExtensionManager] extension not found: <REDACTED_BUNDLE_ID>, error: Error Domain=com.apple.AppSSO.AuthorizationError Code=-1000 "No valid IdP extension with bundle ID: <REDACTED_BUNDLE_ID>" UserInfo={NSLocalizedDescription=No valid IdP extension with bundle ID: <REDACTED_BUNDLE_ID>}

2026-05-20 10:08:50.666683+0530 0xc8dd   Error    0x5b0e1       4203  0  Setup Assistant: (PlatformSSO) [com.apple.AppSSO:POExtension] PlatformSSO extension not found (<REDACTED_BUNDLE_ID>)

2026-05-20 10:08:50.666694+0530 0xc8dd   Default   0x5b0e1       4203  0  Setup Assistant: (PlatformSSO) [com.apple.AppSSO:POExtension] -[POExtension _unload] on <private>

2026-05-20 10:08:50.666695+0530 0xc8dd   Error    0x5b0e1       4203  0  Setup Assistant: (PlatformSSO) [com.apple.AppSSO:PORegistrationManager] Platform SSO extension not found

2026-05-20 10:08:50.666713+0530 0xc8dd   Default   0x5b0e1       4203  7  Setup Assistant: [com.apple.macbuddy:MacBuddyX] Skipping flow item PlatformSSOUserRegistration because it does not need to run

Its quite strange that during device registration extension was discovered and device registration completes but during user registration it fails to find the extension.

Could this be a bug ?

0

Answer 2

siddhant-mac OP

1d

Okay, looks like I figured out the issue. I was running my app (which contains the SSO extension) as a launch agent from /Library/<MyCustomFolder>, and it worked fine for classic Platform SSO where enrollment is triggered from the notification. However, for Simplified Setup to work, I had to place the app in /Applications.

Is this expected behavior, or is it a bug? I mean either it should work with /Library/<MyCustomFolder> in all the cases including simplifed setup or doesn't work at all.

0