Help

Apple SSO Extension without MDM

KMerendaTFMC
New Contributor III

Posted on ‎07-08-2020 08:11 AM

The Apple Kerberos SSO extension (the one that replaces Enterprise Connect in Catalina and Big Sur) is configured via config profile that must be applied by MDM.

Since the pandemic turned me into a full-time work-from-home admin, I've been using my personal Mac to do most of my work. I would love to leverage the SSO extension, but I don't want to put my personal Mac in management. Is anyone aware of a way to enable the extension via terminal or some other method?

Labels:
0 Kudos
Reply
5 REPLIES 5

Phantom5
Contributor II

Posted on ‎07-08-2020 08:20 AM

Have you tried creating a Profile in your MDM, exporting it and installing in your Mac. I'm pretty sure you need your Mac to be at least UAMDM to active SSO Extension but you could give this a try.

0 Kudos
Reply

KMerendaTFMC
New Contributor III

Posted on ‎07-08-2020 08:21 AM

@f.deis yeah I tried that. It rejects this profile since its not coming from an MDM authority.

0 Kudos
Reply

boberito
Valued Contributor

Posted on ‎07-08-2020 08:22 AM

Like kernel extensions, privacy protection configurations, the SSO config profile must originate from an MDM server.

Reply

KMerendaTFMC
New Contributor III

Posted on ‎07-08-2020 09:43 AM

Thanks, @boberito but I was wondering if there is another way, like using defaults to import a plist. I exported plists for com.apple.kerberos and com.apple.AppSSOKerberos.KerberosExtension on one Mac that was configured by MDM, then imported them on an unmanaged Mac, but the menu item hasn't shown up yet. I must still be missing something.

0 Kudos
Reply

dan-snelson
Valued Contributor II

Posted on ‎07-09-2020 04:17 AM

@KMerendaTFMC Perhaps a VM with a serial number enrolled in Apple Business Manager / Apple School Manager would meet your needs.

If so, adapt @cainehorr's Automate Building Jamf Compatible macOS 10.13+ Virtual Machines.

0 Kudos
Reply