Create Single Sign-On profile for iOS
You can create a Single-Sign-On-Profil (SSO profile), to provide your users with websites and apps for which they don’t need to log in again. They only need to authenticate themselves once, e.g. in the Cortado app, and can then open the specified apps and websites directly.
A requirement for creating an SSO profile is the Kerberos authentication (username with domain and password), e.g. user1@ourdomain. For this purpose, the domain name must have been stored for each user in the user management or in the AD (during import via LDAP ). NTLM authentication is required for iOS devices.
- Select Single Sign-On as the profile that you want to add. The following dialog will open:
Make the following settings:
- Profile name: Enter the name of the profile.
- Display name: Enter the name of the profile, as you want it displayed to the users.
- URL prefix matches: Enter the URL of websites, in the form http://cortado.com. For the app or website specified here, the user will not need to log in again.
- Kerberos principal name: Enable Autofill if you wish to enroll the profile to any user (see section Using variables). If you wish to enroll this profile to a single user, enter the user name instead.
- Kerberos realm: Enable Autofill if you wish to enroll the profile to any user. If you wish to enroll this profile to a single user, enter the domain name in capital letters instead.
- App identifier matches: The SSO profile is limited to the apps specified here. If you leave this field blank, the SSO profile can be used by all applications.
You’ll find out here how to distribute the new profile (see section Assigning profiles).