You can create a Single-Sign-On-Profil (SSO profile), to provide your users with websites and apps for which they don’t need to log in again. They only need to authenticate themselves once, e.g. in the Cortado app, and can then open the specified apps and websites directly.
A requirement for creating an SSO profile is the Kerberos authentication (username with domain and password), e.g. user1@ourdomain.
Note! For this purpose, the domain name must have been stored for each user in the user management or in the AD (during import via LDAP ).
NTLM authentication is required for iOS devices.
Note! This option is not available for devices that have been embedded via User Enrollment.
- First proceed as described here.
- Select Single Sign-On as the profile that you want to add. The following dialog will open:
Make the following settings:
- Profile name: Enter the name of the profile.
- Display name: Enter the name of the profile, as you want it displayed to the users.
- URL prefix matches: Enter the URL of websites, in the form http://cortado.com. For the app or website specified here, the user will not need to log in again.
- Kerberos principal name: Enable Autofill if you wish to enroll the profile to any user (see section Using variables). If you wish to enroll this profile to a single user, enter the user name instead.
- Kerberos realm: Enable Autofill if you wish to enroll the profile to any user. If you wish to enroll this profile to a single user, enter the domain name in capital letters instead.
- App identifier matches: The SSO profile is limited to the apps specified here. If you leave this field blank, the SSO profile can be used by all applications.
Now you can distribute the newly created profile to users / groups / devices.
- To do this, select the desired profile in the left-hand column of the management console and click Assign.
- Now select the users, groups or devices to whom you want to assign this profile.
Note! You can also assign the profiles under Administration→ Users or Groups.