Single sign-on settings
Use this payload to define the Kerberos account information used when accessing servers or specified apps.
Note: Use the single sign-on payload for iOS device, user, and user group configuration profiles. For more information, see About profiles and payloads and Payload best practices.
Single sign-on, as used here, is based on Kerberos: a single authentication grants access to services running on various servers. This relies on a trust relationship between the servers and the account. Both Open Directory and Active Directory use single sign-on to authenticate to additional servers that they trust.
Setting | Description |
---|---|
Account Name | Name of the user account—for example, Alex Hunter. |
Principal Name | Kerberos principal name for the user account—for example, alexhunter@SERVER.EXAMPLE.COM. |
Realm | The full Kerberos realm where the user’s account is located. |
Renewal Certificate | The certificate used to silently renew a Kerberos ticket. |
URL patterns | URLs to be used with this account. Any URLs that don’t match the pattern won’t be contacted. |
Specific apps | Apps that can take advantage of single sign-on can be listed here by their app identifier. |
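
The settings in the table end up as keys in a configuration profile, and the URL patterns and app list decide how widely the Kerberos account can be used. The following audit script is an added example, not part of the original documentation. The plist key names (`com.apple.sso`, `Kerberos`, `PrincipalName`, `Realm`, `URLPrefixMatches`, `AppIdentifierMatches`) are assumed from Apple's configuration profile format and do not appear on this page, and the finding labels and sample values are constructed.

```python
import plistlib

def build_payload(principal, realm, urls, apps):
    """Serialize an SSO payload as an XML plist (constructed sample values)."""
    return plistlib.dumps({
        "PayloadType": "com.apple.sso",  # assumed payload type, not from this page
        "Name": "Alex Hunter",
        "Kerberos": {                    # assumed key names, not from this page
            "PrincipalName": principal,
            "Realm": realm,
            "URLPrefixMatches": urls,
            "AppIdentifierMatches": apps,
        },
    })

def audit_sso_payload(plist_bytes):
    """Return findings for inconsistent or over-broad single sign-on settings."""
    krb = plistlib.loads(plist_bytes).get("Kerberos", {})
    realm, principal = krb.get("Realm", ""), krb.get("PrincipalName", "")
    findings = []
    # Kerberos realm names are case-sensitive and conventionally upper case.
    if realm != realm.upper():
        findings.append("realm-not-uppercase:" + realm)
    # A principal written as user@REALM should name the configured realm.
    if "@" in principal and principal.rsplit("@", 1)[1] != realm:
        findings.append("principal-realm-mismatch:" + principal)
    for pattern in krb.get("URLPrefixMatches", []):
        scheme, _, rest = pattern.partition("://")
        host = rest.split("/", 1)[0]
        if scheme.lower() != "https":
            findings.append("non-https-url:" + pattern)
        if host in ("", "*"):
            findings.append("unbounded-host:" + pattern)
    for app in krb.get("AppIdentifierMatches", []):
        # Count the bundle-ID labels that come before a wildcard.
        labels = [p for p in app.split("*", 1)[0].split(".") if p]
        if "*" in app and len(labels) < 2:
            findings.append("broad-app-wildcard:" + app)
    return findings

# Constructed sample with one problem per setting from the table above.
SAMPLE = build_payload(
    "alexhunter@SERVER.EXAMPLE.COM", "server.example.com",
    ["https://intranet.example.com/", "http://wiki.example.com/", "https://*"],
    ["com.example.mail", "*"],
)

if __name__ == "__main__":
    for finding in audit_sso_payload(SAMPLE):
        print(finding)
```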