Single Sign-On MDM payload settings for Apple devices
You can configure single sign-on settings for iPhone and iPad devices enrolled in a mobile device management (MDM) solution. Use the Single Sign-On payload to define the Kerberos account information used when accessing servers or specified apps.
Single Sign-On is a concept based on Kerberos, in which authentication to services running on various servers is granted based on a trust relationship between the servers and the account. Active Directory uses Single Sign-On to authenticate to additional servers that it trusts.
Note: This payload can be installed only by an MDM solution.
OS and channel
Supported enrollment types
Name of the user account—for example, Alex Hunter.
Kerberos principal name for the user account—for example, alexhunter@SERVER.EXAMPLE.COM
The full Kerberos realm where the user’s account is located.
Renewal Certificate payload
The Certificates payload used to silently renew a Kerberos ticket.
URLs to be used with this account. Any URLs that don’t match the pattern won’t be contacted.
Apps that can take advantage of single sign-on can be listed here by their app identifier.
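The following pre-deployment review of a Single Sign-On payload is an added example, not code from this page or from Apple. The key names (`com.apple.sso`, `Kerberos`, `PrincipalName`, `Realm`, `URLPrefixMatches`, `AppIdentifierMatches`) are taken from Apple's configuration profile schema rather than from this page, the sample profile is constructed, and the three checks are this example's own review policy.

```python
import plistlib

# Constructed sample payload. Key names follow Apple's com.apple.sso schema
# (an assumption here: this page names the settings, not the keys).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>com.apple.sso</string>
  <key>Name</key><string>Alex Hunter</string>
  <key>Kerberos</key><dict>
    <key>PrincipalName</key><string>alexhunter@SERVER.EXAMPLE.COM</string>
    <key>Realm</key><string>CORP.EXAMPLE.COM</string>
    <key>URLPrefixMatches</key><array>
      <string>https://intranet.example.com/</string>
      <string>http://wiki.example.com/</string>
    </array>
    <key>AppIdentifierMatches</key><array>
      <string>com.example.mail</string>
      <string>*</string>
    </array>
  </dict>
</dict></plist>"""

def review_sso_payload(raw: bytes) -> list[str]:
    """Return review findings for one Single Sign-On payload."""
    krb = plistlib.loads(raw).get("Kerberos", {})
    findings = []
    principal, realm = krb.get("PrincipalName", ""), krb.get("Realm", "")
    # The realm after '@' in the principal should equal the declared realm.
    if "@" in principal and principal.rsplit("@", 1)[1] != realm:
        findings.append(f"realm mismatch: {principal} vs {realm}")
    urls = krb.get("URLPrefixMatches", [])
    if not urls:
        findings.append("no URL patterns listed")
    for url in urls:
        # Policy of this example: Kerberos over HTTP only to HTTPS prefixes.
        if not url.startswith("https://"):
            findings.append(f"non-HTTPS URL pattern: {url}")
    for app in krb.get("AppIdentifierMatches", []):
        # A pattern that starts with a wildcard names no specific app.
        if app.startswith("*"):
            findings.append(f"wildcard-only app identifier: {app}")
    return findings

if __name__ == "__main__":
    for finding in review_sso_payload(SAMPLE):
        print(finding)
```
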