Configure Extensible Single Sign-On Profile
The Single Sign-On profile enables administrators to set up an app extension that achieves single sign-on functionality on enrolled devices.
This profile is supported on macOS 10.15 or higher devices.
To configure an app extension that performs Single Sign-On on enrolled devices, follow these steps:
On the SureMDM Web Console, navigate to Profile > macOS > Add > Extensible Single Sign-On > Configure.
Enter a Profile Name and click Add.
Configure Single Sign-On Settings and click Save.
| Settings | Description |
|---|---|
| Extension Identifier | Enter the bundle Id of the app extension that performs single sign-on for the specified URLs. |
| Team Identifier | Enter the unique team ID for the app and its extension. |
| Single Sign-On Type | Select the single sign-on type: Credential Two options will be displayed: - Host - Enter host or domain names for authentication and all the host/domain names of all installed Extensible SSO payloads must be unique across all installed Extensible SSO payloads. - Realm - Enter the full Kerberos realm where the user’s account is located. Redirect The following option will be displayed: - URLs - Enter the URLs to be used by the SSO Extension, must start with https:// or http://. |
| Denied Bundle Identifiers | Enter the Bundle Ids for apps that are restricted from using the SSO Extension. Requires macOS 12 or later. |
| Screen Locked Behavior | Set how the SSO Extension should handle requests when the screen is locked: Cancel - Stops authentication requests Do Not Handle - Allow requests without SSO. Requires macOS 12 or later. |
| ExtensionData | Enter a dictionary of arbitrary data to be passed to the app extension as key-value pairs. |
The newly created profile will be listed in the Profiles section.
Go back to the Home tab and select the macOS device(s) or group(s).
Click Apply to launch the Apply Job/Profile To Device prompt.
Select the profile under All Jobs/Profiles.
Click Apply in the Apply/Profile To Device prompt.