Kerberos Single Sign-on Extension Profile

Question

Hello guys, I wanted to let you know that we are currently in the process of deploying the Kerberos Single Sign-on Extension profile. However, we have encountered a situation where some local macOS accounts do not match their corresponding AD accounts. For instance, the macOS local account is named "doe" while the AD account is named "jdoe". I am concerned whether this will cause any issues during the rollout of Kerberos Single Sign-on Extension.

I have conducted a test with a user named "test" whose AD username also happens to be "test", and it worked without any problems as they match. Nevertheless, I remain worried about potential complications arising from mismatched account names

Page 1 / 1

If you are using something like Apples SSO extension. The user logs in to that with their LAN credentials, their local account information is irrelevant. Same goes with other SSOe brokers like Comp Portal and Okta Verify.

I suppose the best thing to do here is test. Change your test account name on the device, and see what happens.

Reply

AJPinto · Accepted Answer

If you are using something like Apples SSO extension. The user logs in to that with their LAN credentials, their local account information is irrelevant. Same goes with other SSOe brokers like Comp Portal and Okta Verify.

I suppose the best thing to do here is test. Change your test account name on the device, and see what happens.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded