Single sign-on settings

Use this payload to define Kerberos account information when accessing servers or specified apps.

Note: Use the single sign-on payload for iOS device, user, and user group configuration profiles. For more information, see About profiles and payloads and Payload best practices.

Single sign-on is a concept based on Kerberos, in which authentication to services running on various servers is granted based on a trust relationship between the servers and the account. Both Open Directory and Active Directory use single sign-on to authenticate to additional servers that they trust.



Account Name

Name of the user account—for example, Alex Hunter.

Principal Name

Kerberos principal name for the user account—for example, alexhunter@SERVER.EXAMPLE.COM

Realm

The full Kerberos realm where the user’s account is located.

Renewal Certificate

The certificate used to silently renew a Kerberos ticket.

URL patterns

URLs to be used with this account. Any URLs that don’t match the pattern won’t be contacted.

Specific apps

Apps that can take advantage of single sign-on can be listed here by their app identifier.
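
The following added example (not part of the original page or of Profile Manager) audits a profile's single sign-on payload for settings that widen where the Kerberos account is used. The key names are assumed to follow Apple's com.apple.sso configuration profile payload, the sample profile is constructed, and the wildcard and "too broad" checks are heuristics chosen for this example.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample profile. Key names are assumed to follow Apple's
# com.apple.sso configuration profile payload; they are not shown on this page.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.sso",
        "Name": "Alex Hunter",
        "Kerberos": {
            "PrincipalName": "alexhunter@SERVER.EXAMPLE.COM",
            "Realm": "server.example.com",
            "URLPrefixMatches": ["https://intranet.example.com/", "https://*", "wiki.example.com/"],
            "AppIdentifierMatches": ["com.example.mail", "com.example.*", "com.*"],
        },
    }],
})

def audit_kerberos(krb):
    """Return findings for one Kerberos dictionary of a single sign-on payload."""
    findings = []
    realm = krb.get("Realm", "")
    if realm != realm.upper():  # realms are upper case by convention, as in the page's example
        findings.append(f"Realm '{realm}' is not upper case")
    principal = krb.get("PrincipalName", "")
    if "@" in principal and principal.rsplit("@", 1)[1] != realm:
        findings.append(f"PrincipalName realm differs from Realm '{realm}'")
    for pattern in krb.get("URLPrefixMatches", []):
        parts = urlsplit(pattern)
        # Heuristic: require at least two fixed host labels (such as example.com).
        fixed = [label for label in parts.netloc.split(".") if label and label != "*"]
        if parts.scheme not in ("http", "https"):
            findings.append(f"URL pattern '{pattern}' must start with http:// or https://")
        elif len(fixed) < 2:
            findings.append(f"URL pattern '{pattern}' matches too many hosts")
    for app in krb.get("AppIdentifierMatches", []):
        if "*" in app and (app.count("*") > 1 or not app.endswith(".*")):
            findings.append(f"App identifier '{app}' has a misplaced wildcard")
        elif app.endswith(".*") and app.count(".") < 2:
            findings.append(f"App identifier '{app}' matches too many apps")
    return findings

def audit_profile(data):
    """Audit every single sign-on payload in a serialized (plist) profile."""
    profile = plistlib.loads(data)
    return [finding for payload in profile.get("PayloadContent", [])
            if payload.get("PayloadType") == "com.apple.sso"
            for finding in audit_kerberos(payload.get("Kerberos", {}))]
```

Calling `audit_profile(SAMPLE_PROFILE)` returns five findings: the lower-case realm, the principal/realm mismatch it causes, two URL patterns, and the `com.*` app identifier.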