A Provisioning Profile is a combination of your App ID and distribution certificates.The profile authorizes developers and devices to create and run applications built for Apple iOS devices. If you want to develop and distribute apps privately within your company or to a selected number of end users, you can use a provisioning profile for internal distribution.When you upload an internal application to the Workspace ONE UEM console, you can also upload the provisioning profile that you generated for that particular application.
For an internal Apple iOS application to work, every device that runs the application must also have the provisioning profile installed on it. Each Provisioning Profile contain a set of iPhone Development Certificates, Unique Device Identifiers and an App ID. Devices specified within the provisioning profile can be used for testing only by those individuals whose iPhone Development Certificates are included in the profile. A single device can contain multiple provisioning profiles.
- Apple iOS Developer Enterprise Program – This program facilitates the development of applications for internal use. Use profiles from this program to distribute internal applications in Workspace ONE UEM.
- Apple iOS Developer Program – This program facilitates the development of applications for the app store. An App Store Provisioning Profile lets you post your apps in the Apple App Store.
For internal applications, use files from the Apple iOS Developer Enterprise Program When you get a mobile provisioning profile for your internal applications, verify that it is for enterprise (internal) distribution.
iOS Provisioning Profile Management
Apple generates development certificates that expire within three years. However, the provisioning profiles for the applications made with the development certificates still expire in one year. This model can create issues in Workspace ONE UEM.
Issues exist for developers and device users.
- Developers who build and deploy multiple versions of an application need a way to remove expired provisioning profiles that are associated with active applications.
- Device users receive warnings concerning the status of an application 30 days before a provisioning profile expires.
However, if you can manage renewals, you can mitigate these issues. You can use the expiration dates Workspace ONE UEM displays to mitigate issues.
- Workspace ONE UEM console displays expiration notices in the console 60 days before the expiration date.
- You can update provisioning profiles and apply them to all associated applications managed in Workspace ONE UEM console .
- If the provisioning profiles are not associated to other applications, you can remove them or replace older ones.
Renew your iOS Provisioning Profiles
Renew your Apple iOS provisioning profiles without requiring end users to reinstall the application. You can also renew the file for all applications associated with it. The Workspace ONE UEM console notifies you 60 days before the profile expires.Access expiration links for Apple iOS provisioning profiles from within the applicable organization group (OG). The Workspace ONE UEM console does not allow access unless you are in the correct OG.
When an Apple iOS provisioning profile expires, device users cannot access the associated application, and new device users cannot install the application.
- Navigate to Resources > Apps > Native > Internal.
- Select the expiration link (Expires in XX days) in the Renewal Date column for the application for which you want to update the provisioning profile.
- Use the Renew option on the Files tab to upload the replacement file.
- Select the Update Provisioning Profile For All Applications setting to apply the renewed file to all associated applications.Workspace ONE UEM displays this option only if multiple applications share the provisioning profile.Workspace ONE UEM lists the applications that share this provisioning profile for you on the Files menu tab. Workspace ONE UEM silently pushes the updated provisioning profile to all devices that have the application installed.
