Configure Extensible Single Sign-On Profile
The Extensible Single Sign-On profile enables administrators to set up an app extension that achieves single sign-on functionality on enrolled devices.
This profile is supported on iOS 13 or higher devices.
To configure an app extension that performs Single Sign-On on enrolled devices, follow these steps:
On the SureMDM Web Console, navigate to Profile > iOS/iPadOS > Add > Extensible Single Sign-On > Configure.
Enter a Profile Name and click Add.
Configure Single Sign-On Settings and click Add.
| Settings | Description |
|---|---|
| SSO Provider | Choose the identity provider responsible for handling Single Sign-On authentication for this configuration. - Microsoft Authenticator for SSO - Manual Configuration |
| Extension Identifier | Enter the bundle Id of the app extension that performs single sign-on for the specified URLs. Applicable only if Manual Configuration is selected as SSO Provider. |
| Single Sign-On Type | Select the SSO type. - Credential - Redirect Applicable only if Manual Configuration is selected as SSO Provider. |
| Realm | Enter the Realm name for the credential payload. Applicable only if Manual Configuration is selected as SSO Provider and Credential as Single Sign-On Type. |
| Host | Enter the array of hostnames or domain names that are authenticated using app extensions. Applicable only if Manual Configuration is selected as SSO Provider and Credential as Single Sign-On Type. |
| URLs | An array of URL prefixes of identity providers where the app extension performs SSO. |
| Shared Device Mode | Enable this option to configure Microsoft Authenticator in Shared Device mode for a seamless user experience and secure sharing across the organization. Available in iOS 14.0 / iPadOS 14.0 or later. Applicable only if Microsoft Authenticator for SSO is selected as SSO Provider. |
The configured entries will appear in the table on the DNS Settings screen.
Click Save.
The newly created profile will be listed in the Profiles section.Go back to the Home tab and select the iOS/iPadOS device(s) or group(s).
Click Apply to launch the Apply Job/Profile To Device prompt.
In the Apply Job/Profile To Device prompt, select the created profile and click Apply.