Single Sign-on (macOS)

Use the Single Sign-on (SSO) profile configuration for app extensions that perform single sign-on for compatible macOS devices.
Note: Requires macOS 13.0 or later.
Do this when:
Table 1. Extensible SSO Details
App Extension Bundle Identifier Enter the bundle identifier of the app extension that performs single sign-on for the specified URLs.
SSO Type Select the single sign-on type: Redirect or Credential.
Realm If Credential is the SSO type, use this field to enter the required associated Kerberos Realm.
Add URL Prefix If Redirect is the SSO type, select the button to add URL prefixes of identity providers where the app extension performs single sign-on.
Add Host Names If Credential is the SSO type, select the button to add host or domain names to authenticate through the app extension.
Extension Data Use this field to add data you want to pass through to the app extension as a plist-formatted dictionary. The data must begin and end with <dict> tags.
Table 2. Platform SSO Details
Enable platform SSO When enabled, you can extend platform SSO capabilities to the login window. This feature gathers details for LDAP or Smart card Authentication.
Restriction:
  • Requires macOS 14.0+
  • You can only create one Platform SSO per device. If you try to install more Platform SSO, the installation fails.
Account display name

You must Enable platform SSO to access this feature.

Enter an account name. Notifications and authentication request displays the entered account name.
Authentication method
You must Enable platform SSO to access this feature. Select the sign in method to use within platform SSO. Choose from:
  • Password
  • Smart Card
Note: The SSO Extension must support this authentication type.