Single sign-on configuration (macOS user policy)

With the Single sign-on configuration you define settings for a single sign-on for third-party apps.




A human-readable name for the account.

Kerberos principal name

The Kerberos principal name.

If you leave this field empty, the user must enter the name.


The Kerberos realm name.

You must enter the name in upper-case.


A list of URL prefixes that must be matched to use the account for Kerberos authentication over HTTP.

Values must begin with http:// or https://

If a value doesn’t end with /, the / is added by Sophos Mobile.

App IDs

A list of bundle IDs of apps.

Values must be either exact matches (e.g. com.sophos.smsec), or prefixes, using the characters .* at the end of the string (e.g. com.sophos.*).