New Identity capabilities reframe the login window as the trigger for policy and user-based management — and arrive without an add-on license, challenging a category that has long sold identity as a paid security upgrade.
Addigy, the Apple device management platform built for managed service providers and IT teams, launched Addigy Identity – included at no additional cost in every Addigy plan. The capabilities include a redesigned login experience, IdP-driven end-user management, identity-based device assignment, and an opt-in capability that eliminates the second sign-in on FileVault-encrypted Macs.
Also Read: CIO Influence Interview with Hugo Dozois-Caouette, CTO and Co-founder at MaintainX
The real attack surface in modern Apple management isn’t the device — it’s the person authenticated on it. Addigy has always treated security as the foundation of our MDM platform. A foundation can’t sit behind a paywall, and neither should identity.
The decision to include identity at no additional cost reflects a position Addigy has held since its founding: that security is the foundation of an Apple management platform, not a feature stacked on top. The real attack surface in modern Apple management is not the device, it is the person authenticated on it.
For more than a decade, Apple device management has been measured by what happens after a device is enrolled — policies pushed, inventory collected, compliance reported. Addigy’s view is that the more consequential moment happens earlier, at the login window. Every signal that matters in a modern Apple fleet — who is at the keyboard, what device they are on, what policies apply, what compliance posture they hold — either starts at login or does not start at all.
Addigy Identity turns the login window into an active policy trigger. A redesigned login experience replaces the legacy Mac sign-in flow with a Mac-native experience that works with Okta, Microsoft Entra ID, and Google Workspace. End-User Management syncs users from any SCIM-compatible identity provider — Okta and Microsoft Entra ID are supported natively, and Google Workspace is supported via standard SCIM configuration. Each Identity sign-in then maps the device to the matching directory user, feeding those attributes into Addigy’s policy engine so admins can target Flex Policies by department, role, or group. A new opt-in capability removes the second authentication step that has historically followed every reboot on FileVault-encrypted Macs, collapsing what was two sign-ins into one.
“We believe identity should be simple for the user and low-drama for IT,” said Tim Pearson, Owner and IT Partner of Creative Techs. “As an MSP, we’re always trying to reduce moving parts, not add them. Addigy Identity is exciting because the best identity experience is the one that just works — quietly, securely, and without friction.”
Early customers report material time savings. One IT engineer running a 2,000+ device Apple fleet for a large construction firm cut full device setup from 15 minutes to 3–5 minutes after switching to user-attribute-driven policies.
“The real attack surface in modern Apple management isn’t the device — it’s the person authenticated on it,” said Jason Dettbarn, Founder and CTO of Addigy. “We’ve always treated security as the foundation of this platform, not a feature stacked on top. A foundation can’t sit behind a paywall, and neither can identity. That’s why Addigy Identity is included in every plan.”
The launch also reflects an architectural bet Addigy has made since its founding: that Apple management’s next chapter is multi-tenant by default. The category was built for a world where one team manages one fleet with one identity provider. That assumption no longer matches how most IT environments operate — managed service providers running client portfolios where Okta, Entra ID, and Google Workspace coexist, or consolidated IT teams managing business units with different identity systems. Addigy Identity connects each tenant’s identity provider from a single console, with branding, configuration, and policy scoped per client.
Catch more CIO Insights: What Does “Job-Ready” Really Mean in IT and Cybersecurity?
[To share your insights with us, please write to psen@itechseries.com ]
