The Apple Kerberos SSO extension (the one that replaces Enterprise Connect in Catalina and Big Sur) is configured via config profile that must be applied by MDM.
Since the pandemic turned me into a full-time work-from-home admin, I've been using my personal Mac to do most of my work. I would love to leverage the SSO extension, but I don't want to put my personal Mac in management. Is anyone aware of a way to enable the extension via terminal or some other method?
Have you tried creating a Profile in your MDM, exporting it and installing in your Mac. I'm pretty sure you need your Mac to be at least UAMDM to active SSO Extension but you could give this a try.
@f.deis yeah I tried that. It rejects this profile since its not coming from an MDM authority.
Like kernel extensions, privacy protection configurations, the SSO config profile must originate from an MDM server.
Thanks, @boberito but I was wondering if there is another way, like using defaults to import a plist. I exported plists for com.apple.kerberos and com.apple.AppSSOKerberos.KerberosExtension on one Mac that was configured by MDM, then imported them on an unmanaged Mac, but the menu item hasn't shown up yet. I must still be missing something.
@KMerendaTFMC Perhaps a VM with a serial number enrolled in Apple Business Manager / Apple School Manager would meet your needs.
If so, adapt @cainehorr's Automate Building Jamf Compatible macOS 10.13+ Virtual Machines.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.