Configuring Kerberos Single Sign-On (iOS)
Before you begin
About this task
Procedure
- Create or edit a Reactive iOS/ Shared iPad User profile. See Creating a Profile and Editing a Profile.
-
From the Security & Restrictions configurations list,
add the Kerberos SSO configuration.
-
Enter the required Kerberos authentication details:
- Account Name: Enter the SSO account name.
- Principal Name: Enter the unique Kerberos Principal name.
- Realm: Enter the associated Kerberos realm.
- Renewal Certificate (iOS 8+): Select a Renewal Certificate from available PKI, SCEP, or
grouped certificate lists (if applicable).Note: This option is disabled if you do not include certificates or templates.
Tip: You can specify the Kerberos Principal Name using macros such as:- Active Directory User Principal Name used during enrollment
- Enrolled User Domain
- Enrolled User Username
- Enrolled User email
-
Select (Add) to specify target
applications that will use Kerberos SSO.
Alternatively, enter a URL prefix in the format
http://www.example.com
. - Save the configuration and assign the profile to your target devices. See Assigning a Profile.