On Mac Pro, on Safari, is there an option to link my account?
Solution 1:
Safari relies on iCloud to sync the keychain, bookmarks, open tabs, etc. Most employers block iCloud for security reasons. iCloud Drive is something they do not wish to allow. For a given user account on macOS you have one login keychain and an iCloud keychain. You cannot login to Safari with a different user account and sync data like you can with Chrome or Microsoft Edge or FireFox. However, employers can definitely block you from doing even that. There are enterprise management features in every browser that allows the employer to restrict browser extensions and the ability to login as a different user to the browser, etc.
The computer is owned by your employer and they are managing the device remotely. Normally users are not granted local administrative privileges. Developers, engineers, technicians and SysAdmins might have an extra user account with local admin but everything they do with it is logged in depth. Some employers might require a user to request local admin privileges for a limited period of time and they need to justify the business reason for the elevated access privileges. The company Mac will be checking in with an MDM (Mobile Device Management) Server where it receives instructions in the form of Configuration Profiles, policies that run scripts, software updates, and there is typically a company AppStore solution. The Mac may connect to Apple using a company Apple ID. In most cases, a company will block iCloud entirely. They may block the Apple AppStore. They may block browser extensions even on Chrome / Edge / FireFox. There's been a lot of nasty evil browser extensions that spy on you or could otherwise compromise company security. There's a lot of malware that uses browser extensions. They might force the Mac to connect to a cloud proxy such as Zscaler that forces you to authenticate before you can browse the Internet without VPN. This has become popular since the pandemic sent everyone to work from home. They might restrict connecting external storage over USB/Thunderbolt and connecting to non-company controlled network shares. They most certainly will prevent incoming SSH connections.
Read your Employee Manual and Information Technology usage policies. You are only to use the device for work purposes. The company can and probably does monitor your activity for suspicious behavior and even productivity. They can see absolutely everything. Every email you send and receive is kept in a vault and it doesn't matter if you deleted the email on your Mac. Internal chat systems are also logged. Some countries and regulatory agencies actually require logging of email and chats and if a court demanded that data and the company could not provide it there will be hefty financial penalties. Many industries are regulated to retain data for differing periods of time.
Most employers are rather relaxed but some can be downright draconian. Other employers might not be tracking everything but if you were to raise a red flag that in some way made them feel you were putting the company at risk then they most certainly could open an investigative case and start collecting a lot more data. Those that work for defense contractors or large financial firms with access to customer private data or other proprietary secret data have to be extra cautious what they do on the company computers. Not only can you get fired, you can be legally prosecuted.
Companies will monitor their computers for unapproved usage, hacking activity, data loss / leakage of intellectual property and private customer data. Error logs can be sent to a centralized server for analysis. They can collect your browser history both from your Mac but also at the network level. Even if you clear your cache on the browser they still know where and when you were surfing every website you connected to.
Most employers will respect their employees privacy while others will not. There should be zero expectation of any privacy while using a company issued computer. Big Brother is watching you if not in real time they will still have logs and history they can review if you draw their attention. In large companies there are IT security departments and they keep things confidential when running an investigation. On top of protecting the company and customer data they also look for fraudulent activity such as theft or money laundering.
IT security departments do not talk about their investigations but you would be amazed at what happens on a regular basis. Employees do remarkably dumb things all the time.
Do not put personal data of any kind on work computers that you do not wish the company to see. Again, there is ZERO PRIVACY on a work issued computer.
Just use your personal devices for personal use. Keep work on work devices. Use an iPad or something instead of the work issued computer.