Applications built with the VMware AirWatch SDK behave according to the single-sign on (SSO) session status and the type of authentication configured.

Status Change Triggers Migration for iOS (Swift)

When you change the SSO setting for an SDK-built, iOS (Swift) application, the application joins or exits the existing SSO session sharing cluster. Joining or exiting the cluster triggers the migration of application-specific data.

Note:

The SDK for iOS (Objective-C) does not migrate data. When the SSO status changes, the data in the application resets and re-creates where possible.

SSO Status - On to Off

If the admin disables SSO, the SDK migrates data stored from the SSO sharing cluster to the application storage. In some instances, to migrate data, users enter their authentication information. In other scenarios, users experience no difference in the use of the SDK-built application. This migration behavior depends on the authentication type.

Note:

The SDK for iOS (Swift) system does not migrate the integrated authentication certificate. The SDK-built application fetches a new certificate and stores it to use specifically for itself.

Authentication Type Migration Behavior
iOS (Swift)
Passcode

The system prompts users for SDK-SSO passcodes the next time they open the application. This action triggers the migration of application-specific data from the SSO cluster to the application storage.

The system does not migrate the SSO passcode. If the application still requires a passcode for access, the user creates a new one.

The system no longer shares this application session with other SSO-enabled applications.

Username and Password

Users perceive no behavior change with the application. They continue to authenticate with their Workspace ONE UEM credentials, username and password. The system migrates application-specific data from the SSO cluster to the application storage.

The system does migrate username and password data along with other application-specific data.

The system no longer shares this application session with other SSO-enabled applications.

None

Users perceive no behavior change with the application. The system migrates application-specific data from the SSO cluster to the application storage.

The system no longer shares this application session with other SSO-enabled applications.

iOS (Objective-C)
Any

The SDK does not migrate data when admins disable the SSO status. All application-specific data is lost except for the SDK profile configured in the Workspace ONE UEM console.

SSO Status - Off to On

If the admin changes the SSO status to enabled, the SDK migrates data from the application storage to the SSO cluster. The authentication type controls the trigger to migrate data from the application storage to the SSO cluster. The SDK includes two methods for accessing application-specific data to migrate.

  1. The SDK attempts to access the application storage.
  2. If the first process fails, the SDK attempts to access and to start using the information stored in the SSO cluster. This process requires that another SDK-built application is on the device with SSO enabled.
Note:

The SDK for iOS (Swift) system deletes the integrated authentication certificate that was used by the non-SSO SDK-built application. If a certificate exists in the SSO cluster, the system uses this certificate.

Authentication Type Migration Behavior
iOS (Swift)
Passcode

The system must change the non-SSO passcode to the SSO passcode. To make this change, the system prompts users for the non-SSO passcode to access the application. Then, the system prompts the users for the SSO passcode used by other SDK-built applications on the device.

The system migrates application-specific data from the application storage to the SSO cluster.

If no other SDK-built application is on the device with an SSO passcode, the system prompts for the creation one. If the user installs other SDK-built applications, the system shares the SSO session with these applications.

Username and Password

Users perceive no behavior change with the application. They continue to authenticate with their Workspace ONE UEM credentials, username and password. The system migrates application-specific data from application storage to the SSO cluster.

The system shares the SSO session with other SDK-built applications.

None

Users perceive no behavior change with the application. The system migrates application-specific data from application storage to the SSO cluster.

The system shares sessions with other SDK-built applications.

iOS (Objective-C)
Any

The SDK does not migrate data when admins enable SSO. All application-specific data is lost except for the SDK profile configured in the Workspace ONE UEM console.