Configure Extensible Single Sign-On Profile
The Extensible Single Sign-On profile enables administrators to set up an app extension that achieves single sign-on functionality on enrolled devices.
- Supported OS Version: iOS 13.0 and iPadOS 13.0 or later
- Supported Enrollment Types:
  - Device Enrollment and Automated Device Enrollment
  - User Enrollment
To configure an app extension that performs Single Sign-On on enrolled devices, follow these steps:
On the SureMDM Web Console, navigate to Profile > iOS/iPadOS > Add > Select Enrollment Type > Identity and Access Management > Extensible Single Sign-On > Configure.
Enter a Profile Name and click Add.
Configure Single Sign-On Settings and click Add.
| Settings | Description |
|---|---|
| SSO Provider | Choose the identity provider responsible for handling Single Sign-On authentication for this configuration. Options: Microsoft Enterprise SSO via Company Portal App (when selected, SureMDM automatically populates the required values for the Company Portal) or Manual Configuration (when selected, the administrator must manually configure the required settings). |
| Extension Identifier | Enter the bundle ID of the app extension that performs single sign-on for the specified URLs. Applicable only if Manual Configuration is selected as SSO Provider. |
| Single Sign-On Type | Select the SSO type: Credential or Redirect. Applicable only if Manual Configuration is selected as SSO Provider. |
| Realm | Enter the Realm name for the credential payload. Applicable only if Manual Configuration is selected as SSO Provider and Credential as Single Sign-On Type. |
| Host | Enter the array of hostnames or domain names that are authenticated using app extensions. Applicable only if Manual Configuration is selected as SSO Provider and Credential as Single Sign-On Type. |
| URLs | An array of URL prefixes of identity providers where the app extension performs SSO. |
| Shared Device Mode | Enable this option to configure Microsoft Authenticator in Shared Device mode for a seamless user experience and secure sharing across the organization. Available in iOS 14.0 / iPadOS 14.0 or later. Applicable only if Microsoft Authenticator for SSO is selected as SSO Provider. |
| ExtensionData | Enter a dictionary of arbitrary data to be passed to the app extension as key-value pairs. |
Click Save.
The newly created profile will be listed in the Profiles section.
Go back to the Home tab and select the iOS/iPadOS device(s) or group(s).
Click Apply to launch the Apply Job/Profile To Device prompt.
In the Apply Job/Profile To Device prompt, select the created profile and click Apply.
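The settings in the table above correspond to keys in Apple's Extensible Single Sign-On payload (`com.apple.extensiblesso`). The following added example, which is not SureMDM code, lints an unsigned exported profile before it is applied to devices. It assumes the console fields map to the payload keys shown; the https-only and no-query rules are this example's own policy, and the sample profile is constructed.

```python
import plistlib
from urllib.parse import urlsplit

SSO_PAYLOAD_TYPE = "com.apple.extensiblesso"  # Apple's Extensible SSO payload type

def lint_sso_payload(p):
    """Return a list of problems in one Extensible SSO payload dictionary."""
    problems = []
    if not p.get("ExtensionIdentifier"):
        problems.append("ExtensionIdentifier is empty")
    sso_type = p.get("Type")
    if sso_type == "Credential":
        for key in ("Realm", "Hosts"):  # Credential-only settings in the table above
            if not p.get(key):
                problems.append(f"{key} is required for Credential")
    elif sso_type == "Redirect":
        if not p.get("URLs"):
            problems.append("URLs is required for Redirect")
    else:
        problems.append(f"Type is {sso_type!r}, expected Credential or Redirect")
    for url in p.get("URLs", []):
        parts = urlsplit(url)
        # Policy of this example: IdP prefixes must be https, with no query or fragment.
        if parts.scheme.lower() != "https" or not parts.hostname:
            problems.append(f"{url}: not an https URL prefix")
        if parts.query or parts.fragment:
            problems.append(f"{url}: query or fragment in prefix")
    return problems

def lint_profile(profile_bytes):
    """Lint every Extensible SSO payload inside an unsigned .mobileconfig plist."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    return {p.get("PayloadIdentifier", "?"): lint_sso_payload(p)
            for p in payloads if p.get("PayloadType") == SSO_PAYLOAD_TYPE}

# Constructed sample profile: identifiers, hosts and URLs are placeholders.
def _payload(ident, **keys):
    return {"PayloadType": SSO_PAYLOAD_TYPE, "PayloadIdentifier": ident, **keys}

SAMPLE_PROFILE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
    _payload("sso.good", ExtensionIdentifier="com.example.idp.ssoext",
             Type="Redirect", URLs=["https://idp.example.com/login"]),
    _payload("sso.bad", ExtensionIdentifier="com.example.idp.ssoext", Type="Credential",
             Hosts=[".example.com"], URLs=["http://idp.example.com/login?x=1"]),
]})

if __name__ == "__main__":
    for ident, problems in lint_profile(SAMPLE_PROFILE).items():
        print(ident, problems or "ok")
```

A signed profile is wrapped in a CMS envelope and must be unwrapped before `plistlib` can parse it.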