The Single sign-on (SSO) settings use Kerberos SSO and authenticates user credentials only one time to grant access to apps on a managed device.
Single sign-on (SSO) settings
The following table describes the settings that you can configure for single sign-on (SSO) on an iOS device:
|Policy setting||Description||Supported devices|
|Account name||The account name for the Kerberos single sign-on (SSO) account.||iOS 7.0+|
|Principal name||The unique name that allows Kerberos to identify a user.
If a name is not provided, the user is prompted to provide a name during the profile installation.
|Realm||The character string that contains a user account location and a user account name. This value must be in uppercase.||iOS 7.0+|
|URL prefixes||The list of URL prefixes that must match to use this account for Kerberos authentication over HTTP. URL suffixes must also match.||iOS 7.0+|
|Identity certificates||The certificate that is used to authenticate with the device.||iOS 8.0+|
|Allowed app ranges||The list or range of apps that are acceptable on the device.||iOS 8.0+|