title: Enrollment SSO Document description: Enrollment SSO streamlines the MDM enrollment process, reduces sign-ins, and improves security. payload: payloadtype: ESSO supportedOS: iOS: introduced: '16.0' macOS: introduced: n/a tvOS: introduced: n/a visionOS: introduced: '2.0' watchOS: introduced: n/a payloadkeys: - key: iTunesStoreID title: iTunes Store ID type: presence: optional content: The iTunes Store ID of the app to download prior to enrollment, to support Enrollment SSO during enrollment. Using developer mode ignores this key. - key: AppIDs title: Developer App IDs type: presence: optional content: An array of App IDs that specify apps that Enrollment SSO developer mode can use. In Enrollment SSO documents delivered through the developer endpoint, this key must be present and contain at least one value. In Enrollment SSO documents delivered by the standard Enrollment SSO endpoint, this key must not be present. subkeys: - key: AppID title: App ID type: - key: AssociatedDomains title: Associated Domains type: presence: optional content: An array of associated domains that the device uses with the Enrollment SSO extension. subkeys: - key: AssociatedDomain title: Associated Domain type: - key: AssociatedDomainsEnableDirectDownloads title: Associated Domains Enable Direct Downloads type: presence: optional default: false content: If `true,` allows the domain to directly verify site association, instead of at Apple's servers. Use this verification only with domains that are inaccessible on the public Internet. - key: ConfigurationProfile title: Configuration Profile type: presence: optional content: |- The profile containing an `ExtensibleSingleSignOn` payload that specifies the SSO extension in the downloaded app prior to enrollment. This profile may contain certificate payloads. One of `ConfigurationProfile` and `Declarations` must be present. - key: Declarations title: Declarations supportedOS: iOS: introduced: '18.4' visionOS: introduced: '2.4' type: presence: optional content: |- An array of base64-encoded JSON formatted Declarative Device Management declarations that specify the managed app and its configuration, including any certificates or identities. The set of declarations must include one `com.apple.configuration.app.managed` configuration, and one activation declaration that references the configuration. Asset declarations may be present if required by the app config. The app configuration must include `AppStoreID` when developer mode is not being used, or it must include `BundleID` when developer mode is used. One of `ConfigurationProfile` and `Declarations` must be present. subkeys: - key: Declaration title: Declaration Domain type: