Single-Sign On

Summary

PayloadType:com.apple.sso
Supervised Only:
 N/A
macOS:N/A
macOS Deprecated:
 N/A
iOS:7.0
iOS Deprecated:N/A
Highlander:N/A

Keys

Name

Human-readable name for the account

Human-readable name for the account.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

Kerberos

Kerberos-related information

Kerberos-related information.

Type Default Required Regex iOS macOS Supervised
dictionary {} N/A N/A N/A N/A N/A
Name Type Title Description Required
PrincipalName string Kerberos principal name The Kerberos principal name. If not provided, the user is prompted for one during profile installation. This field must be provided for MDM installation. n/a
PayloadCertificateUUID string Identity Certificate UUID for renewal The PayloadUUID of an identity certificate payload that can be used to renew the Kerberos credential without user interaction. The certificate payload must have either the com.apple.security.pkcs12 or com.apple.security.scep payload type. Both the Single Sign On payload and the identity certificate payload must be included in the same configuration profile n/a
Realm string The Kerberos realm name. The Kerberos realm name. This value should be properly capitalized. n/a
URLPrefixMatches array List of URLs prefixes that must be matched for HTTP List of URLs prefixes that must be matched to use this account for Kerberos authentication over HTTP. Note that the URL postfixes must match as well. n/a
AppIdentifierMatches array List of app identifiers that are allowed to use this login. List of app identifiers that are allowed to use this login. If this field missing, this login matches all app identifiers. n/a