Single-Sign On¶
Summary¶
PayloadType: | com.apple.sso |
---|---|
Supervised Only: | |
N/A | |
macOS: | N/A |
macOS Deprecated: | |
N/A | |
iOS: | 7.0 |
iOS Deprecated: | N/A |
Highlander: | N/A |
Keys¶
Name¶
Human-readable name for the account
Human-readable name for the account.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
string | N/A | N/A | N/A | N/A | N/A | N/A |
Kerberos¶
Kerberos-related information
Kerberos-related information.
Type | Default | Required | Regex | iOS | macOS | Supervised |
---|---|---|---|---|---|---|
dictionary | {} | N/A | N/A | N/A | N/A | N/A |
Name | Type | Title | Description | Required |
---|---|---|---|---|
PrincipalName | string | Kerberos principal name | The Kerberos principal name. If not provided, the user is prompted for one during profile installation. This field must be provided for MDM installation. | n/a |
PayloadCertificateUUID | string | Identity Certificate UUID for renewal | The PayloadUUID of an identity certificate payload that can be used to renew the Kerberos credential without user interaction. The certificate payload must have either the com.apple.security.pkcs12 or com.apple.security.scep payload type. Both the Single Sign On payload and the identity certificate payload must be included in the same configuration profile | n/a |
Realm | string | The Kerberos realm name. | The Kerberos realm name. This value should be properly capitalized. | n/a |
URLPrefixMatches | array | List of URLs prefixes that must be matched for HTTP | List of URLs prefixes that must be matched to use this account for Kerberos authentication over HTTP. Note that the URL postfixes must match as well. | n/a |
AppIdentifierMatches | array | List of app identifiers that are allowed to use this login. | List of app identifiers that are allowed to use this login. If this field missing, this login matches all app identifiers. | n/a |