The Mobile SSO for iOS authentication method is used for single sign-on authentication in Workspace ONE UEM-managed iOS devices. For iOS device authentication, Workspace ONE Access uses an identity provider that is built into the service to provide access to mobile SSO authentication. Mobile SSO (for iOS) authentication uses a Key Distribution Center (KDC) that is part of the Workspace ONE Access service.

For iOS mobile SSO authentication, Workspace ONE Access makes use of a certificate that is deployed in a device profile to authenticate the user with Workspace ONE UEM. The iOS Mobile SSO certificate authentication relies on Kerberos to collect the certificate.

You configure the following for Mobile SSO for iOS authentication.

  • Download the issuer certificate to configure Mobile SSO for iOS.
    • If you are using Workspace ONE UEM Certificate Authority, in the Workspace ONE UEM console, enable Certificates in the Enterprise Integrations > Workspace ONE Access page. Download the issuer certificate to configure Mobile SSO for iOS.
    • If you are using Active Directory Certificate Services, configure a certificate authority template for Kerberos certificate distribution in the Active Directory Certificate Services. Then configure Workspace ONE UEM to use Active Directory Certificate Authority. Add the Certificate template in the Workspace ONE UEM console. Download the issuer certificate to configure Mobile SSO for iOS.
  • Establish the Key Distribution Center (KDC) to use.
  • Configure the Mobile SSO (iOS) authentication method in the Workspace ONE Access console.
  • Configure the built-in identity provider and associate the Mobile SSO for iOS authentication method in the Workspace ONE Access console.
  • Download the KDC certificate from the Workspace ONE Access console. You upload the certificate to the Apple iOS single sign-on device profile in Workspace ONE UEM.
  • Configure the Apple iOS single sign-on device profile and enable single sign-in from the Workspace ONE UEM console.

In addition to configuring mobile SSO for iOS, you configure mobile device management for iOS devices in the Workspace ONE UEM console. See iOS Device Management documentation.

Supported Apple iOS Devices

iOS 9 or late is supported.