Single sign-on configuration (iOS device profile)

With the Single sign-on configuration you define settings for a single sign-on for third-party apps.




A human-readable name for the account.

Kerberos principal name

The Kerberos principal name.

If you do not enter a value, the user must enter the name during profile installation.


The Kerberos realm name.

You must enter the name in upper-case.


A list of URL prefixes that must be matched to use the account for Kerberos authentication over HTTP.

Values must begin with http:// or https://

If a value doesn’t end with /, the / is added by Sophos Mobile.

For devices with iOS 9.0 or later, you may use a single asterisk (*) to match all values. For example, https://* matches or

App identifiers

A list of bundle IDs of apps.

Values must be either exact matches (e.g. com.sophos.smsec), or prefixes, using the characters .* at the end of the string (e.g. com.sophos.*).