Single sign-on

The Single sign-on (SSO) settings use Kerberos SSO and authenticates user credentials only one time to grant access to apps on a managed device.

Single sign-on (SSO) settings

The following table describes the settings that you can configure for single sign-on (SSO) on an iOS device:
Policy setting Description Supported devices
Account name The account name for the Kerberos single sign-on (SSO) account. iOS 7.0+
Principal name The unique name that allows Kerberos to identify a user.

If a name is not provided, the user is prompted to provide a name during the profile installation.

iOS 7.0+
Realm The character string that contains a user account location and a user account name. This value must be in uppercase. iOS 7.0+
URL prefixes The list of URL prefixes that must match to use this account for Kerberos authentication over HTTP. URL suffixes must also match. iOS 7.0+
Identity certificates The certificate that is used to authenticate with the device. iOS 8.0+
Allowed app ranges The list or range of apps that are acceptable on the device. iOS 8.0+