Single Sign On

Single Sign On (SSO) enables device users to authenticate once instead of multiple times to multiple different apps. Once the user has authenticated to the first app, authentication is passed along to the other apps as specified by you, the SOTI MobiControl administrator. The Single Sign On feature provides the ability to specify a single sign on account profile for iOS devices. You have the ability to set up one or more single sign on accounts and to add specific apps for each account.

Account Name The SSO Account name.
Principal Name The Unique Kerberos Principal name.
Realm Required associated Kerberos Realm.
Renewal Certificate (iOS 8+) Grouped list of certificates or templates by PKI, SCEP or other, that are part of the same profile. (Disabled if no certificates or templates are included in the profile)

Kerberos Principal Name can be specify using one of the available macros:

  • Active Directory User Principal Name used while enrollment
  • Enrolled User Domain
  • Enrolled User Username
  • Enrolled User email

Target applications can be specified by clicking the Add button. Alternatively, you can specify a URL prefix.

Note: The URL prefix should be in the form of http://www.example.com.