Apple SSO Extension without MDM

KMerendaTFMC
New Contributor III

The Apple Kerberos SSO extension (the one that replaces Enterprise Connect in Catalina and Big Sur) is configured via config profile that must be applied by MDM.

Since the pandemic turned me into a full-time work-from-home admin, I've been using my personal Mac to do most of my work. I would love to leverage the SSO extension, but I don't want to put my personal Mac in management. Is anyone aware of a way to enable the extension via terminal or some other method?

5 REPLIES 5

Phantom5
Contributor II

Have you tried creating a Profile in your MDM, exporting it and installing in your Mac. I'm pretty sure you need your Mac to be at least UAMDM to active SSO Extension but you could give this a try.

KMerendaTFMC
New Contributor III

@f.deis yeah I tried that. It rejects this profile since its not coming from an MDM authority.

boberito
Valued Contributor

Like kernel extensions, privacy protection configurations, the SSO config profile must originate from an MDM server.

KMerendaTFMC
New Contributor III

Thanks, @boberito but I was wondering if there is another way, like using defaults to import a plist. I exported plists for com.apple.kerberos and com.apple.AppSSOKerberos.KerberosExtension on one Mac that was configured by MDM, then imported them on an unmanaged Mac, but the menu item hasn't shown up yet. I must still be missing something.

dan-snelson
Valued Contributor II

@KMerendaTFMC Perhaps a VM with a serial number enrolled in Apple Business Manager / Apple School Manager would meet your needs.

If so, adapt @cainehorr's Automate Building Jamf Compatible macOS 10.13+ Virtual Machines.