Apple Platform Deployment
- Welcome
- Intro to Apple platform deployment
- What’s new
-
-
- General payload settings
- Accessibility payload settings
- Active Directory Certificate payload settings
- AirPlay payload settings
- AirPlay Security payload settings
- AirPrint payload settings
- App Configuration payload settings
- AppLayerVPN payload settings
- Associated Domains payload settings
- Autonomous Single App Mode payload settings
- Calendar payload settings
- Cellular payload settings
- Certificates payload settings
- Certificate Preference payload settings
- Certificate Revocation payload settings
- Certificate Transparency payload settings
- Conference Room Display payload settings
- Contacts payload settings
- Content Caching payload settings
- Directory payload settings
- DNS Proxy payload settings
- DNS Settings payload settings
- Dock payload settings
- Domains payload settings
- Energy Saver payload settings
- Exchange ActiveSync (EAS) payload settings
- Exchange Web Services (EWS) payload settings
- Extensible Single Sign-On payload settings
- Extensible Single Sign-On Kerberos payload settings
- Extensions payload settings
- File Provider payload settings
- Finder payload settings
- Fonts payload settings
- Global HTTP Proxy payload settings
- Google Accounts payload settings
- Home Screen layout payload settings
- Identification payload settings
- Kernel Extension Policy payload settings
- LDAP payload settings
- Lights Out Management payload settings
- Lock Screen message payload settings
- Login Items payload settings
- Login Window payload settings
- Mail payload settings
- Network Usage Rules payload settings
- Notifications payload settings
- Parental Controls payload settings
- Password and passcode payload settings
- Printing payload settings
- Privacy Preferences Policy Control payload settings
- Proxy payload settings
- SCEP payload settings
- Security & Privacy payload settings
- Setup Assistant payload settings
- Single App Mode payload settings
- Single Sign-On payload settings
- Smart Card payload settings
- Software Update payload settings
- Subscribed Calendars payload settings
- System Extensions payload settings
- System Migration payload settings
- Time Machine payload settings
- TV Remote payload settings
- Web Clips payload settings
- Web Content Filter payload settings
- Xsan payload settings
- Glossary
- Document revision history
- Copyright

Single Sign-On MDM payload settings for Apple devices
You can configure Single sign-on settings for iPhone and iPad devices enrolled in a mobile device management (MDM) solution. Use the Single Sign-On payload to define Kerberos account information when accessing servers or specified apps.
Single sign-on is a concept based on Kerberos, where authentication to services running on various servers is granted. This is based on a trust relationship between the servers and the account. Active Directory uses Single sign-on to authenticate to additional servers that they trust. For more information, see Intro to Single sign-on.
Note: This payload can be installed only by an MDM solution.
Supported operating system and channel | Supported enrollment types | Interaction | Duplicates |
|---|---|---|---|
iOS iPadOS | User Device Automated Device | Exclusive | Single |
Setting | Description | Required |
|---|---|---|
Account Name | Name of the user account—for example, Alex Hunter. | Yes |
Principal Name | Kerberos principal name for the user account—for example, alexhunter@SERVER.EXAMPLE.COM | Yes |
Realm | The full Kerberos realm where the user’s account is located. | Yes |
Renewal Certificate payload | The Certificates payload used to silently renew a Kerberos ticket. | No |
URL patterns | URLs to be used with this account. Any URLs that don’t match the pattern won’t be contacted. | No |
Specific apps | Apps that can take advantage of Single sign-on can be listed here by their app identifier. | No |