-
-
-
SSO account device policy
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
SSO account device policy
You create single sign-on (SSO) accounts in XenMobile to let users sign on one-time only to access XenMobile and your internal company resources from various apps. Users do not need to store any credentials on the device. The SSO account enterprise user credentials are used across apps, including apps from the App Store. This policy is designed to work with a Kerberos authentication back end.
This policy applies only to iOS 7.0 and later.
To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.
iOS settings
- Account name: Enter the Kerberos SSO account name that appears on users’ devices. This field is required.
- Kerberos principal name: Enter the Kerberos principal name. This field is required.
- Identity credential (Keystore or PKI credential): Click an optional identity credential in the drop-down list that can be used to renew the Kerberos credential without user interaction.
- Kerberos realm: Enter the Kerberos realm for this policy. This setting value is typically your domain name in all capital letters (for example, EXAMPLE.COM). This field is required.
-
Permitted URLs: For each URL for which you want to require SSO, click Add and then do the following:
-
Permitted URL: Enter a URL that you want to require SSO when a user visits the URL from the iOS device.
For example, when a user tries to browse to a site and the website starts a Kerberos challenge: If that site isn’t in the URL list, the iOS device doesn’t attempt SSO by providing the Kerberos token that Kerberos might have cached on the device from a previous Kerberos logon. The match has to be exact on the host part of the URL. For example,
https://shopping.apple.com
is valid, buthttps://*.apple.com
isn’t.Also, if Kerberos isn’t activated based on host matching, the URL still falls back to a standard HTTP call. This can mean almost anything including a standard password challenge or an HTTP error if the URL is only configured for SSO using Kerberos.
-
Click Add to add the URL or click Cancel to cancel adding the URL.
-
-
App Identifiers: For each app that is allowed to use this login, click Add and then do the following:
- App Identifier: Enter an app identifier for an app that is allowed to use this login. If you do not add any app identifiers, this login matches all app identifiers.
- Click Add to add the app identifier or click Cancel to cancel adding the app identifier.
-
Policy settings
-
Remove policy: Choose a method for scheduling policy removal. Available options are Select date and Duration until removal (in hours)
- Select date: Click the calendar to select the specific date for removal.
- Duration until removal (in hours): Type a number, in hours, until policy removal occurs. Only available for iOS 6.0 and later.
-
Remove policy: Choose a method for scheduling policy removal. Available options are Select date and Duration until removal (in hours)
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.