Add new capabilities to a Provisioning Profile

From Configuring an associated domain:

If not already present, Xcode updates your target’s entitlements file to include the Associated Domains Entitlement, which is an array that contains each associated domain you define. If you enable the “Automatically manage signing” option for your target, Xcode also updates your app’s App ID in the developer portal and generates and downloads an updated provisioning profile.

Note: If you later remove the Associated Domains capability in Xcode, you must manually update your App ID’s configuration in the developer portal to fully disable the feature.

Thanks for your reply! Apologies, but I forgot to mention that I am not using XCode to do the signing process, I am doing this manually. If I manually update the App ID in the Developer Account portal to include the new capability, would that require generating a new profile? And if I generate a new profile, does that mean that the old one will get invalidated and the old apps will stop working?

I have this same question. Essentially our endpoint client is like an agent. We are adding major new features with new entitlement requirements, but as we update this version we are worried that it will disable our existing install base of customers. That can't happen, so we are unsure of how to proceed with getting a new App ID.

When you edit your App ID to add new entitlements you will be presented with a warning that it will invalidate existing provisioning profiles. This will not impact any distributed apps. For example any time you add a capability in Xcode with automatic signing it is making requests to update the app id configuration and generate a new profile when required. We are tracking an enhancement to update this messaging. The website marks profiles as “invalid” to indicate they do not feature the latest App ID configuration or available device configuration for the team.

I hope this clarifies and we are tracking verbiage changes for that type of update to make the effect and recommended follow up action clearer.

As a reminder revoking any certificates for directly distributed apps can impact their functionality so always take caution before revocation.

As a reminder revoking any certificates for directly distributed apps can impact their functionality so always take caution before revocation.

This is a really important point. I have talk a bunch about managing Developer ID signing identities in the The Care and Feeding of Developer ID.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"