fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Orbit fails to run when enrolling into a team with end user authentication enabled on macOS

Open GrayW opened this issue 1 month ago • 4 comments

Fleet version: 4.77.0

💥  Actual behavior

When installing the agent using a generated package on a macOS host, enrolling into a team with end user authentication required enabled, the host fails to enroll to the Fleet instance.

The following error appears in the logs:

2025-12-11T08:25:46-08:00 INF orbit enroll attempt failed error="enroll request: end user authentication required"
2025-12-11T08:25:46-08:00 ERR opening SSO window error="opening browser: opening setup experience browser page not supported on darwin"

The behaviour is inconsistent across the same macOS versions (26.1)

🛠️ To fix

On manually-enrolled Macs, open up a browser window to do end user auth the same way Windows and Linux hosts do

🧑‍💻  Steps to reproduce

These steps:

  • [ ] Have been confirmed to consistently lead to reproduction in multiple Fleet instances.
  • [x] Describe the workflow that led to the error, but have not yet been reproduced in multiple Fleet instances.
  1. Unable to reliably reproduce so far

🕯️ More info (optional)

GrayW avatar Dec 11 '25 16:12 GrayW

Reproduced in Dogfood. Marking this as a P1 and assigning to @sharon-fdm.

ksatter avatar Dec 11 '25 18:12 ksatter

Thanks @ksatter. I agree this is a P1. We are on it.

cc @sgress454 @lucasmrod

sharon-fdm avatar Dec 11 '25 19:12 sharon-fdm

We're on it, thanks for the report!

sgress454 avatar Dec 11 '25 19:12 sgress454

@sgress454 @lucasmrod I'm not sure if #37134 is another manifestation of the same issue, can you take a look to see what you think?

ksatter avatar Dec 11 '25 19:12 ksatter

Linked to Unthread ticket:

Device Status Display Issue in Console #10867

Sampfluger88 avatar Dec 15 '25 16:12 Sampfluger88