
Configure Extensible Single Sign-On Profile

The Single Sign-On profile enables administrators to set up an app extension that achieves single sign-on functionality on enrolled devices.

Note: This profile is supported on devices running macOS 10.15 or higher.

To configure an app extension that performs Single Sign-On on enrolled devices, follow these steps:

  1. On the SureMDM Web Console, navigate to Profile > macOS > Add > Extensible Single Sign-On > Configure.

  2. Enter a Profile Name and click Add.

  3. Configure Single Sign-On Settings and click Save.

Settings and their descriptions:

Extension Identifier: Enter the bundle ID of the app extension that performs single sign-on for the specified URLs.

Team Identifier: Enter the unique team ID for the app and its extension.

Single Sign-On Type: Select the single sign-on type:

Credential - Two options will be displayed:
- Host - Enter the host or domain names for authentication. Host and domain names must be unique across all installed Extensible SSO payloads.
- Realm - Enter the full Kerberos realm where the user's account is located.

Redirect - The following option will be displayed:
- URLs - Enter the URLs to be used by the SSO Extension. Each URL must start with https:// or http://.

Denied Bundle Identifiers: Enter the bundle IDs of apps that are restricted from using the SSO Extension. Requires macOS 12 or later.

Screen Locked Behavior: Set how the SSO Extension should handle requests when the screen is locked:
- Cancel - Stops authentication requests.
- Do Not Handle - Allows requests without SSO.
Requires macOS 12 or later.

ExtensionData: Enter a dictionary of arbitrary data, as key-value pairs, to be passed to the app extension.

The newly created profile will be listed in the Profiles section.

  1. Go back to the Home tab and select the macOS device(s) or group(s).

  2. Click Apply to launch the Apply Job/Profile To Device prompt.

  3. Select the profile under All Jobs/Profiles.

  4. Click Apply in the Apply Job/Profile To Device prompt.
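
As an added example (not SureMDM's own code), the following Python lints an exported configuration profile against the constraints in the settings list above before it is applied to devices. It assumes the profile uses Apple's com.apple.extensiblesso payload keys (ExtensionIdentifier, TeamIdentifier, Type, Hosts, Realm, URLs, ScreenLockedBehavior); the sample profile and every identifier in it are constructed.

```python
import plistlib

SSO_TYPE = "com.apple.extensiblesso"  # Apple's Extensible SSO payload type (assumed export format)
IDS = {"PayloadType": SSO_TYPE, "ExtensionIdentifier": "com.example.sso.ext",
       "TeamIdentifier": "ABCDE12345"}

# Constructed sample profile: payload 0 is valid, payloads 1 and 2 are misconfigured.
SAMPLE_PROFILE = plistlib.dumps({"PayloadContent": [
    {**IDS, "Type": "Credential", "Hosts": ["corp.example.com"],
     "Realm": "CORP.EXAMPLE.COM", "ScreenLockedBehavior": "Cancel"},
    {**IDS, "Type": "Credential", "Hosts": ["CORP.example.com"]},
    {**IDS, "Type": "Redirect", "ScreenLockedBehavior": "Ignore",
     "URLs": ["https://login.example.com/", "ftp://files.example.com/"]},
]})

def lint_sso_profile(profile_bytes):
    """Return findings for the Extensible SSO payloads in a configuration profile."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == SSO_TYPE]
    findings, seen_hosts = [], {}
    for i, p in enumerate(payloads):
        for key in ("ExtensionIdentifier", "TeamIdentifier"):
            if not p.get(key):
                findings.append(f"payload {i}: {key} is empty")
        kind = p.get("Type")
        if kind == "Credential":
            if not p.get("Realm"):
                findings.append(f"payload {i}: Credential payload has no Realm")
            if not p.get("Hosts"):
                findings.append(f"payload {i}: Credential payload has no Hosts")
            for host in p.get("Hosts", []):
                h = host.lower()  # host names compare case-insensitively
                if h in seen_hosts:
                    findings.append(f"payload {i}: host {h} already used by payload {seen_hosts[h]}")
                seen_hosts.setdefault(h, i)
        elif kind == "Redirect":
            if not p.get("URLs"):
                findings.append(f"payload {i}: Redirect payload has no URLs")
            for url in p.get("URLs", []):
                if not url.lower().startswith(("https://", "http://")):
                    findings.append(f"payload {i}: URL {url} must start with https:// or http://")
        else:
            findings.append(f"payload {i}: unknown Type {kind!r}")
        slb = p.get("ScreenLockedBehavior")
        if slb is not None and slb not in ("Cancel", "DoNotHandle"):
            findings.append(f"payload {i}: ScreenLockedBehavior {slb!r} is not Cancel or DoNotHandle")
    return findings
```

Calling `lint_sso_profile(SAMPLE_PROFILE)` reports the missing realm and duplicated host in payload 1 and the non-HTTP URL and invalid screen-lock value in payload 2.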