Create Single Sign-On profile for iOS
You can create a Single Sign-On profile (SSO profile), to provide your users with websites and apps for which they don’t need to log in again. They only need to authenticate themselves once, e.g. in the Cortado app, and can then open the specified apps and websites directly.
A requirement for creating an SSO profile is the Kerberos authentication (username with domain and password), e.g. user1@ourdomain. NTLM authentication is required for iOS devices.
Note! This option is not available for devices that have been embedded via User Enrollment.
- Select Single Sign-On as the profile that you want to add. The following dialog will open:
Make the following settings:
- Profile name: Enter the name of the profile.
- Display name: Enter the name of the profile, as you want it displayed to the users.
- URL prefix matches: Enter the URL of websites, in the form http://cortado.com. For the app or website specified here, the user will not need to log in again.
- Kerberos principal name: Enable Autofill if you wish to enroll the profile to any user. Or use variables. If you wish to enroll this profile to a single user, enter the user name instead.
- Kerberos realm: Enable Autofill if you wish to enroll the profile to any user. If you wish to enroll this profile to a single user, enter the domain name in capital letters instead.
- App identifier matches: The SSO profile is limited to the apps specified here. If you leave this field blank, the SSO profile can be used by all applications.
- Autofill: Enable Autofill, if the entries are to be read automatically from the AD. Using this option, you can enroll the profile to any user. The user only needs to enter the password then.
You’ll find out here how to distribute the new profile (see section Assign profile).