Single Sign-On MDM payload settings for Apple devices
You can configure single sign-on settings for iPhone and iPad devices enrolled in a mobile device management (MDM) solution. Use the Single Sign-On payload to define the Kerberos account information that is used when accessing servers or specified apps.
Single Sign-On is a concept based on Kerberos, in which authentication to services running on various servers is granted on the basis of a trust relationship between the servers and the account. Active Directory uses Single Sign-On to authenticate to additional servers that it trusts.
Note: This payload can be installed only by an MDM solution.
OS and channel
Supported enrolment types
Name of the user account — for example, Alex Hunter.
Kerberos principal name for the user account — for example, alexhunter@SERVER.EXAMPLE.COM
The full Kerberos realm where the user’s account is located.
Renewal Certificate payload
The Certificates payload used to silently renew a Kerberos ticket.
URLs to be used with this account. Any URLs that don’t match the pattern won’t be contacted.
Apps that can take advantage of single sign-on can be listed here by their app identifier.
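A review check for the settings above, as an added example that is not part of the original page or Apple's own tooling: it parses a constructed Single Sign-On payload and flags scoping problems before the profile is deployed. The key names (`Kerberos`, `PrincipalName`, `Realm`, `URLPrefixMatches`, `AppIdentifierMatches`) are those of Apple's `com.apple.sso` payload and do not appear on this page; the rule names and the https-only rule are assumptions made for this example.

```python
import plistlib

# Constructed sample profile; all values are invented for illustration.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>com.apple.sso</string>
  <key>Name</key><string>Alex Hunter</string>
  <key>Kerberos</key><dict>
    <key>PrincipalName</key><string>alexhunter@SERVER.EXAMPLE.COM</string>
    <key>Realm</key><string>server.example.com</string>
    <key>URLPrefixMatches</key><array>
      <string>https://intranet.example.com/</string>
      <string>http://wiki.example.com/</string>
    </array>
  </dict>
</dict></plist>"""
SAMPLE_PAYLOAD = plistlib.loads(SAMPLE_PROFILE)


def lint_sso_payload(payload):
    """Return (rule, value) findings for one parsed Single Sign-On payload dict."""
    krb = payload.get("Kerberos", {})
    realm = krb.get("Realm", "")
    principal = krb.get("PrincipalName", "")
    findings = []
    # Kerberos realms are case-sensitive and conventionally upper case.
    if realm != realm.upper():
        findings.append(("realm-not-uppercase", realm))
    # The realm part of the principal should name the configured realm.
    if "@" in principal and principal.rsplit("@", 1)[1].upper() != realm.upper():
        findings.append(("principal-realm-mismatch", principal))
    # Review rule (assumption of this example): only https:// prefixes are accepted.
    for url in krb.get("URLPrefixMatches", []):
        if not url.lower().startswith("https://"):
            findings.append(("url-not-https", url))
    # With no AppIdentifierMatches key, the account is not limited to listed apps.
    apps = krb.get("AppIdentifierMatches")
    if apps is None:
        findings.append(("apps-unrestricted", ""))
    for app in apps or []:
        # A wildcard entry covers a whole bundle ID prefix; flag it for review.
        if "*" in app:
            findings.append(("app-wildcard", app))
    return findings


if __name__ == "__main__":
    for rule, value in lint_sso_payload(SAMPLE_PAYLOAD):
        print(f"{rule}: {value}")
```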