mirror of
https://github.com/apple/device-management.git
synced 2026-02-12 12:52:53 +00:00
83 lines
2.9 KiB
YAML
83 lines
2.9 KiB
YAML
title: Enrollment SSO Document
|
|
description: Enrollment SSO streamlines the MDM enrollment process, reduces sign-ins,
|
|
and improves security.
|
|
payload:
|
|
payloadtype: ESSO
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '16.0'
|
|
macOS:
|
|
introduced: n/a
|
|
tvOS:
|
|
introduced: n/a
|
|
visionOS:
|
|
introduced: '2.0'
|
|
watchOS:
|
|
introduced: n/a
|
|
payloadkeys:
|
|
- key: iTunesStoreID
|
|
title: iTunes Store ID
|
|
type: <integer>
|
|
presence: optional
|
|
content: The iTunes Store ID of the app to download prior to enrollment, to support
|
|
Enrollment SSO during enrollment. Using developer mode ignores this key.
|
|
- key: AppIDs
|
|
title: Developer App IDs
|
|
type: <array>
|
|
presence: optional
|
|
content: An array of App IDs that specify apps that Enrollment SSO developer mode
|
|
can use. In Enrollment SSO documents delivered through the developer endpoint,
|
|
this key must be present and contain at least one value. In Enrollment SSO documents
|
|
delivered by the standard Enrollment SSO endpoint, this key must not be present.
|
|
subkeys:
|
|
- key: AppID
|
|
title: App ID
|
|
type: <string>
|
|
- key: AssociatedDomains
|
|
title: Associated Domains
|
|
type: <array>
|
|
presence: optional
|
|
content: An array of associated domains that the device uses with the Enrollment
|
|
SSO extension.
|
|
subkeys:
|
|
- key: AssociatedDomain
|
|
title: Associated Domain
|
|
type: <string>
|
|
- key: AssociatedDomainsEnableDirectDownloads
|
|
title: Associated Domains Enable Direct Downloads
|
|
type: <boolean>
|
|
presence: optional
|
|
default: false
|
|
content: If `true,` allows the domain to directly verify site association, instead
|
|
of at Apple's servers. Use this verification only with domains that are inaccessible
|
|
on the public Internet.
|
|
- key: ConfigurationProfile
|
|
title: Configuration Profile
|
|
type: <data>
|
|
presence: optional
|
|
content: |-
|
|
The profile containing an `ExtensibleSingleSignOn` payload that specifies the SSO extension in the downloaded app prior to enrollment. This profile may contain certificate payloads.
|
|
|
|
One of `ConfigurationProfile` and `Declarations` must be present.
|
|
- key: Declarations
|
|
title: Declarations
|
|
supportedOS:
|
|
iOS:
|
|
introduced: '18.4'
|
|
visionOS:
|
|
introduced: '2.4'
|
|
type: <array>
|
|
presence: optional
|
|
content: |-
|
|
An array of base64-encoded JSON formatted Declarative Device Management declarations that specify the managed app and its configuration, including any certificates or identities.
|
|
|
|
The set of declarations must include one `com.apple.configuration.app.managed` configuration, and one activation declaration that references the configuration. Asset declarations may be present if required by the app config.
|
|
|
|
The app configuration must include `AppStoreID` when developer mode is not being used, or it must include `BundleID` when developer mode is used.
|
|
|
|
One of `ConfigurationProfile` and `Declarations` must be present.
|
|
subkeys:
|
|
- key: Declaration
|
|
title: Declaration Domain
|
|
type: <data>
|