The app extension cannot access MDM deployed identity via ManagedApp FM

Privacy & Security General
yingha OP
Created 1d
Replies 1
Boosts 0
Views 35
Participants 2

We use Jamf Blueprint to deploy the managed app and identity to the iOS device (iOS 26.3 installed). Our managed app can access the identity via

let identityProvider = ManagedAppIdentitiesProvider()
        let identity: SecIdentity
        do {
            identity = try await identityProvider.identity(withIdentifier: "myIdentity")
           } catch { }

However, the app extension cannot access the same identity. Our app extension is notification extension that implemented UNNotificationServiceExtension APIs. We use above code in didReceive() function to access identity that always failed.

The MDM configuration payload is:

  "AppConfig": {
    "Identities": [
      {
        "Identifier": "myIdentity",
        "AssetReference": "$PAYLOAD_2"
      }
    ]
  },
  "ExtensionConfigs": {
    "Identifier (com.example.myapp.extension)": {
      "Identities": [
        {
          "Identifier": "myIdentity",
          "AssetReference": "$PAYLOAD_2"
        }
      ]
    }
  },
  "ManifestURL": "https://example.net/manifest.plist",
  "InstallBehavior": {
    "Install": "Required"
  }
}

Is there any problem in our MDM configuration? Or the notification extension cannot integrate with ManagedApp FM?

Replies  1
Boosts  0
Views  35
Participants  2
Device Management Engineer OP
Apple
17h 
    "Identifier (com.example.myapp.extension)": {

This line is not correct. I would expect it to be

    "com.example.myapp.extension (myteamid)": {

where com.example.myapp.extension is the bundle identifier of the extension and myteamid is the team identifier of the developer identity that signed the extension.

1
The app extension cannot access MDM deployed identity via ManagedApp FM
First post date Last post date
 
 
Q