After looking at last year's WWDC video on SSO Extensions for the enterprise (https://developer.apple.com/videos/play/tech-talks/301), I've been trying to implement this feature for my company.
As described in the video, I made sure that the components are set up as expected:
- Put the apple-app-site-association file on the domain from our login service.
- Configured and pushed an MDM SSO Extension config profile for the managed device that I use during my test. In the profile I've placed the domains of our federation service and the type of extension (redirect).
- In my local app, I added the extension target and added the beginAuthorization(with request: ASAuthorizationProviderExtensionAuthorizationRequest) handler.
- Configured the associated domains capability in my host/demo app.
- Added the MDM entitlement com.apple.developer.associated-domains.mdm-managed.
In my host app, I now want to start testing the whole setup, but I'm quite stuck on where to go.
In my sample I initialise an authProvider:
    let authProvider = ASAuthorizationSingleSignOnProvider(identityProvider: URL(string: "https://myservicedotcom/as/authorization.oauth2")!)
Unfortunately, I never make it to the next step where I'm, for example, presented with a login dialogue.
Codewise, I'm not ending up in my if condition:
    // canPerformAuthorization is a Bool property, so it is tested with `if`.
    if self.authProvider.canPerformAuthorization {
        let request = self.authProvider.createRequest()
        request.requestedOperation = ASAuthorization.OpenIDOperation.operationLogin
        self.authController = ASAuthorizationController(authorizationRequests: [request])
        self.authController?.delegate = self
        self.authController?.presentationContextProvider = self as! ASAuthorizationControllerPresentationContextProviding
        self.authController?.performRequests()
    } else {
        print("error")
    }
Am I missing some kind of other component allowing me to start logging in? Can I put in place some components allowing me to better debug this setup and get to the root cause?