Managing Your Developer Account Team

If you have an organization membership in the Apple Developer Program, you can add people to your team and assign them roles, thereby granting them levels of access to team assets. Team members have roles and privileges that pertain to the development and distribution process. These roles define who is allowed to enable certain app services, who is allowed to create identifiers, who is allowed to create distribution assets, and so on. After adding team members, you may be responsible for performing other tasks on their behalf. For example, you may need to enable capabilities for the App ID and create client SSL certificates for APNs, Pass Type IDs, and iCloud containers. If you’re enrolled in the Apple Developer Program as an individual, team management tasks described in this chapter don’t apply.

About Apple Developer Program Team Roles and Privileges

A person’s role on the team defines the level of access that person has to the team’s assets and types of tasks he or she can perform using their developer account and Xcode. This privilege level extends to the kinds of tasks that a developer is allowed to perform on behalf of the team. By giving you control over team roles, Apple makes it easier for you to maintain good security practices for the team.

Team Roles

Table 13-1 lists the roles a person can play and describes each. Each level of access includes all the capabilities of the levels below it.

Table 13-1  Team roles

Role

Description

Team agent

A team agent is legally responsible for the team and acts as the initial primary contact with Apple. The team agent can invite team members and change the access level of any other team member. There’s only one team agent.

Team admin

A team admin can set the privilege levels of other team members, except the team agent. Team admins manage all assets used to sign your apps, either during development or when your team is ready to distribute an app. Team admins can edit the App ID to enable app services and create technology specific identifiers used throughout the system. Team admins can sign apps for distribution on nondevelopment devices.

Team member

A team member can create their development certificate, register a device connected to their Mac, and create a team provisioning profile using Xcode. Team members can’t register devices and create development provisioning profiles using their developer account.

Team Privileges

Each team role defines a set of privileges or tasks that a person can perform. Table 13-2 lists the specific privileges granted to members of the team. Refer to Table 14-1 for the types of certificates that each team member can revoke.

Table 13-2  Privileges assigned to each membership level

Privilege

Team agent

Team admin

Team member

Accept legal agreements

../Art/checkmark_2x.png

../Art/x_2x.png

../Art/x_2x.png

Renew membership

../Art/checkmark_2x.png

../Art/x_2x.png

../Art/x_2x.png

Create Developer ID certificates

../Art/checkmark_2x.png

../Art/x_2x.png

../Art/x_2x.png

Invite members and assign roles

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/x_2x.png

Create distribution certificates

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/x_2x.png

Register, configure, and delete App IDs

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/x_2x.png

Create distribution provisioning profiles

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/x_2x.png

Create other app service identifiers

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/x_2x.png

Register devices for development

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/x_2x.png

Create development provisioning profiles

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/x_2x.png

Create development certificates

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/checkmark_2x.png

In Xcode, create a wildcard App ID and team provisioning profile

../Art/checkmark_2x.png

../Art/checkmark_2x.png

../Art/checkmark_2x.png

Team Agent

To start, one person must enroll in the Apple Developer Program; this person becomes the team agent for the team. During this step, the team agent signs the legal agreements required to become an Apple developer and enters financial information so that the team can be paid for purchases of their app from the store.

The team agent has an unrestricted role; he or she has unrestricted access to the team and is legally responsible for the team. Initially, the team agent also performs most of the tasks to organize the team. After others have joined the team, the team agent may decide to delegate some of this authority to other members of the team, allowing those others to perform these tasks instead.

The team agent might need to sign updated or new licensing agreements, particularly when the team wants to incorporate specific services into an app. For example, an app that uses the iAd service requires that the team agent sign a separate agreement.

Inviting Team Members and Assigning Roles

If you enroll as an organization, you’re the de facto team agent who has permission to add other developers, called team members, to your account. In general, team members have read access to view and download information managed by their developer account—but they don’t have write to most assets. However, you can assign an admin role to a team member, which allows that person to have some of the privileges of a team agent—for example, a team admin can create identifiers for app services but can’t sign agreements. Assigning roles helps team agents delegate some of their responsibilities.

Inviting Team Members

When you invite people to join your team, you enter information about them and set their role on the team.

To invite team members

  1. Sign in to developer.apple.com/account, and click People.

  2. Click Invite People.

    ../Art/11_mc_invite_team_member1.shot/Resources/shot_2x.png../Art/11_mc_invite_team_member1.shot/Resources/shot_2x.png
  3. Enter the email address of the person you want to invite as either an admin or team member.

    To learn more details about each role, click Learn about roles.

  4. Click Invite.

    The person you specified receives an email invitation, which he or she must verify by clicking the invitation code in it. If the person doesn’t have an Apple ID, he or she is asked to create one before accepting the invitation.

Changing Team Roles

After the team member accepts the invitation, the team agent receives a confirmation email and the team member has access to the developer account. Later, the team agent can change the role of a team member.

To change a team member’s role

  1. Sign in to developer.apple.com/account, and click People.

  2. In the Admins section, select one or more names and click Change to Member. In the Members section, select one or more names and click Change to Admin.

    ../Art/11_mc_change_team_role.shot/Resources/shot_2x.png../Art/11_mc_change_team_role.shot/Resources/shot_2x.png
  3. In the dialog that appears, confirm the change.

Registering Team Member Devices

Before a team member can launch an app on his or her device, the device needs to be registered and added to the team provisioning profile. Xcode automatically registers devices when needed, as described in Launching Your App on Devices. However, a team agent or admin can register team member devices on their behalf.

The team member sends the device name and device ID to his or her team admin. In Xcode, a team member can select the device in the Devices window to display the device ID, as described in Locating Device IDs Using Xcode. If you’re a Mac developer, you can also get the device ID using the System Information app, as described in Locating Device IDs Using System Information (iOS, tvOS, Mac).

In the developer account, the team admin may register one device, as described in Registering Individual Devices, or multiple devices, as described in Registering Multiple Devices.

Transferring the Team Agent Role

Because the team agent has sole legal responsibility for the team, another team member can’t demote the team agent, nor can the team agent’s privileges be restricted. However, the team agent can transfer that role to another team member using the developer account.

To transfer the team agent role

  1. Sign in to developer.apple.com/account as the team agent, and click Membership.

    ../Art/11_trf_agent_role.shot/Resources/shot_2x.png../Art/11_trf_agent_role.shot/Resources/shot_2x.png
  2. Scroll down to Settings, and click Transfer Team Agent Role.

  3. Follow the instructions that appear in a series of dialogs.

    For example, you will be asked to choose a new team agent and sign an Agent Transferor Agreement.

    ../Art/11_trf_agent_role_2.shot/Resources/shot_2x.png../Art/11_trf_agent_role_2.shot/Resources/shot_2x.png

Removing Team Members

If a team member is no longer working on your project, a team agent or admin can remove him or her from the team.

To remove a team member

  1. Sign in to developer.apple.com/account, and click People.

  2. Select the person to remove.

  3. In the upper-right corner, click Remove from Team.

    ../Art/11_remove_team_member.shot/Resources/shot_2x.png../Art/11_remove_team_member.shot/Resources/shot_2x.png
  4. In the dialog that appears, click Remove.

Recap

In this chapter, you learned how to perform some tasks on behalf of team members who don’t have privileges to create development certificates or register their devices.