Apple SSO Extension without MDM

New Contributor III

The Apple Kerberos SSO extension (the one that replaces Enterprise Connect in Catalina and Big Sur) is configured via a config profile that must be applied by MDM.

Since the pandemic turned me into a full-time work-from-home admin, I've been using my personal Mac to do most of my work. I would love to leverage the SSO extension, but I don't want to put my personal Mac in management. Is anyone aware of a way to enable the extension via terminal or some other method?


Contributor II

Have you tried creating a Profile in your MDM, exporting it and installing it on your Mac? I'm pretty sure you need your Mac to be at least UAMDM to activate the SSO Extension, but you could give this a try.

New Contributor III

@f.deis yeah, I tried that. It rejects this profile since it's not coming from an MDM authority.

Valued Contributor

Like kernel extensions and privacy protection configurations, the SSO config profile must originate from an MDM server.

New Contributor III

Thanks, @boberito, but I was wondering if there is another way, like using defaults to import a plist. I exported plists for and on one Mac that was configured by MDM, then imported them on an unmanaged Mac, but the menu item hasn't shown up yet. I must still be missing something.

Valued Contributor II

@KMerendaTFMC Perhaps a VM with a serial number enrolled in Apple Business Manager / Apple School Manager would meet your needs.

If so, adapt @cainehorr's Automate Building Jamf Compatible macOS 10.13+ Virtual Machines.