Enable automatic authentication for iOS devices using a single sign-on profile
iOS
devices using a single sign-on profileThe single sign-on profile is a legacy profile with basic configuration options. If you want to use the more advanced single sign-on extension profile, see Enable automatic authentication for iOS devices using a single sign-on extension profile.
If you want to use certificate-based authentication, you must first create a shared certificate profile, SCEP profile, or user credential profile.
- In the management console, on the menu bar, clickPolicies and profiles > Networks and connections > Single sign-on.
- Click
. - Type a name and description for the profile.
- In theKerberossection, click.
- In theNamefield, type a name for the configuration.
- In thePrincipal namefield, type the name of theKerberosPrincipal, using the format<primary>/<instance>@<realm>(for example, user/admin@blackberry.example.com).
- In theRealmfield, type theKerberosrealm in uppercase letters (for example, EXAMPLE.COM).
- In theURL prefixesfield, type the URL prefix for the sites that you want devices to authenticate with. The prefix must begin with http:// or https://, and can include wildcard values (*) (for example, https://www.blackberry.example.com/*).If necessary, click to add additional URL prefixes.
- If you want to limit the configuration to specific apps, click + besideApp identifiersand specify the app bundle ID. You can use a wildcard value (*) to match the ID to multiple apps (for example, com.company.*).If necessary, click to add additional URL prefixes.
- If you wantiOSdevices to use certificate-based authentication, in theCredentialsdrop-down list, clickCertificate,SCEP, orUser credential. In the drop-down list, click the certificate profile that you want to use.
- ClickAdd.
- ClickAddagain.
- If necessary, rank the profile.
- Assign the profile to user accounts and groups.