The latest version of the app wrapping engine introduces a new mechanism called the shared keychain. This mechanism for iOS wrapped apps enables between wrapped apps on the device and reduces flipping to an anchor for information.

Causes of Flipping

iOS applications wrapped with the following components are in the same keychain group, also called a cluster.
  • Apps wrapped with signing certificates from the same developer account
  • Apps that share the same AppIdentifierPrefix

These applications can share session data like an app passcode and an SSO session. By sharing this session data, they do not have to flip to the Workspace ONE Intelligent Hub or to the anchor application every time authentication is required.

Applications wrapped with the listed components are in different keychain groups, or clusters.
  • Apps wrapped with signing certificates from different developer accounts
  • Apps that have a different AppIdentifierPrefix

These applications cannot take advantage of passcode sharing. These scenarios require flipping to the Workspace ONE Intelligent Hubor the anchor application to obtain data like the server URL. This flipping action occurs once per cluster.

Cluster Session Management and Reduced Flip Behavior for SSO with App Wrapping v5.4+

On iOS application wrapped with app wrapping engine v5.4+, only the first wrapped app flips to the anchor application on the first launch. It flips to retrieve environment information. It does not flip to retrieve account data or to lock and unlock operations. In older versions of the wrapping engine, applications had to flip to the anchor application to retrieve data and to lock and to unlock operations.

SSO Sessions and SDK-Integrated Apps

The SSO session is a time frame created at the time of SDK unlock. During this time frame the application can access allowed network resources. If you enable SSO, all SDK-integrated applications are unlocked and able to share keychain information between them.