MacOS Captive Portal not redirecting to SAML login page

Description

Clicking “Click here to log in” does nothing in the MacOS Captive Portal.

Users can still open a browser manually, be redirected, and log in successfully via the SAML page.

Cause

The native MacOS captive portal window is not fully compatible with SAML2 authentication flows, as it cannot properly handle the required IdP login page redirection. 

Resolution

1. Bypass the MacOS Captive Portal

  • Add captive.apple.com to your firewall’s access rule (custom AR) to allow it.

  • Alternatively, once the FQDN object has been created, the default SAML bypass rule for G Suite can be used instead of a custom rule. The admin just needs to add the FQDN object to the default group "SAML Bypass List For G Suite".

  • This prevents the MacOS captive portal window from appearing.

2. Instruct Users to Open a Browser Manually

  • After connecting to Wi-Fi, users should open Chrome or Safari and browse to any website (avoiding sites that use HSTS, such as google.com).
  • They will be redirected to the SAML login page as expected.
  • Complete the login process in the browser.

3. (Optional) Educate Users

  • Inform users that the captive portal window should be ignored.
  • Always use a full browser for authentication.
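
To confirm that the bypass in step 1 took effect, the check below requests the URL that macOS probes for captive-portal detection and reports whether the genuine page came back or the firewall is still intercepting it. It is an added example, not SonicWall tooling: the function names are hypothetical, and the probe path /hotspot-detect.html with its "Success" body is standard macOS behaviour rather than something stated in this article.

```shell
#!/bin/sh
# Added example: classify what a client behind the firewall receives when it
# requests Apple's captive-portal probe (the request macOS makes on joining Wi-Fi).
PROBE_URL="http://captive.apple.com/hotspot-detect.html"

# classify_probe STATUS BODY  ->  prints bypassed | intercepted | unknown
classify_probe() {
    p_status=$1; p_body=$2
    case "$p_status" in
        200)
            case "$p_body" in
                # Apple's genuine probe page contains the word "Success";
                # macOS then does not open the captive portal window.
                *Success*) echo bypassed ;;
                # A 200 with other content is the portal's own page.
                *)         echo intercepted ;;
            esac ;;
        30[12378])
            # A redirect means the probe is still being captured.
            echo intercepted ;;
        *)  echo unknown ;;   # e.g. 000 when the request failed or was dropped
    esac
}

# live_check: fetch the probe without following redirects, then classify it.
live_check() {
    body_file=$(mktemp) || return 2
    meta=$(curl -s -m 10 -o "$body_file" \
        -w '%{http_code} %{redirect_url}' "$PROBE_URL")
    status=${meta%% *}
    redirect=${meta#* }
    result=$(classify_probe "$status" "$(cat "$body_file")")
    rm -f "$body_file"
    echo "$PROBE_URL -> HTTP $status: $result"
    [ -n "$redirect" ] && echo "redirect target: $redirect"
    [ "$result" = "bypassed" ]
}

# Only touch the network when asked: sh check_probe.sh live
if [ "${1:-}" = "live" ]; then
    live_check
fi
```

Run it with the argument `live` from a Mac on the affected Wi-Fi before authenticating: `bypassed` means the access rule for captive.apple.com is matching, while `intercepted` means the probe is still being captured and the captive portal window will keep appearing.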
