Skip to main content
Solved

Kerberos Single Sign-on Extension Profile

  • November 3, 2023
  • 1 reply
  • 29 views
T
Forum|alt.badge.img+2

Hello guys, I wanted to let you know that we are currently in the process of deploying the Kerberos Single Sign-on Extension profile. However, we have encountered a situation where some local macOS accounts do not match their corresponding AD accounts. For instance, the macOS local account is named "doe" while the AD account is named "jdoe". I am concerned whether this will cause any issues during the rollout of Kerberos Single Sign-on Extension.

 

I have conducted a test with a user named "test" whose AD username also happens to be "test", and it worked without any problems as they match. Nevertheless, I remain worried about potential complications arising from mismatched account names

Best answer by AJPinto

If you are using something like Apples SSO extension. The user logs in to that with their LAN credentials, their local account information is irrelevant. Same goes with other SSOe brokers like Comp Portal and Okta Verify. 

 

I suppose the best thing to do here is test. Change your test account name on the device, and see what happens.

    1 reply

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • Answer
    • November 6, 2023

    If you are using something like Apples SSO extension. The user logs in to that with their LAN credentials, their local account information is irrelevant. Same goes with other SSOe brokers like Comp Portal and Okta Verify. 

     

    I suppose the best thing to do here is test. Change your test account name on the device, and see what happens.

    Terms & ConditionsCookie settingsAccessibility statement