Single sign-on
The Single sign-on (SSO) settings use Kerberos SSO and authenticate user credentials only one time to grant access to apps on a managed device.
Note: SSO is deprecated from iOS version 26 and later.
Single sign-on (SSO) settings
The following table describes the settings that you can configure for single sign-on (SSO) on an
iOS device.
| Policy setting | Description | Supported devices |
|---|---|---|
| Account name | The account name for the Kerberos single sign-on (SSO) account. | iOS 7.0 and later |
| Principal name | The unique name that allows Kerberos to identify a user. If a name is not provided, the user is prompted to provide a name during the profile installation. |
iOS 7.0 and later |
| Realm | The character string that contains a user account location and a user account name. This value must be in uppercase. | iOS 7.0 and later |
| URL prefixes | The list of URL prefixes that must match to use this account for Kerberos authentication over HTTP. URL suffixes must also match. | iOS 7.0 and later |
| Identity certificates | The certificate that is used to authenticate with the device. | iOS 8.0 and later |
| Allowed app ranges | The list or range of apps that are acceptable on the device. | iOS 8.0 and later |