Configuring iOS 16 compatibility for AppConnect quick start

Complete these additional iOS 16-related tasks to quickly set up AppConnect for iOS on MobileIron Core.

Extensible Single Sign-On configuration

In iOS 16, Apple implemented a new "Pasteboard Permission" privacy feature: apps need user's permission before accessing the pasteboard to paste content from another app. iOS developers can avoid displaying pasteboard usage prompt in AppConnect apps by creating an Extensible Single Sign-On configuration. If Extensible Single Sign-On feature is created on the server and pushed to the device, then device users will not see the pop-up, except in specific scenarios.

For apps that do not have the Extensible Single Sign-On configuration or apps that use AppConnect 4.8.1 or older, then the pasteboard will continue to be used as a data channel for AppConnect. After a slight delay of approximately one minute, the SSO extension configuration is pushed.

The server pushes the Extensible Single Sign-On configuration after the MDM profile is installed. During this interval of a few minutes, the SSO Extension does not work.

The pasteboard banner or pop-up will continue to appear on iOS 16+ devices in the following scenarios:

  • If the device user performs copy or paste.
  • While generating AppConnect application logs (since the transmission of log files take place through pasteboard).
  • If [email protected] application or AppConnect application does not support the Extensible Single Sign-On configuration.

For more information, see KB article: iOS 16: Don't Allow Paste" / "Allow Paste" pop-ups from AppConnect apps.


Once this configuration has been created and pushed to device users, administrators can check the MDM profile to confirm the configuration was received.

  1. In the Core Admin Portal, go to Policies & Configs > Configurations.
  2. Click Add New > Apple > iOS / macOS / tvOS > Extensible Single Sign-On. The Edit Extensible Sign Sign-On dialog box opens.
  3. Configure as per the Extensible Single Sign-On field description table listed below.
  4. Click Save.
  5. To distribute the configuration, apply it to a label that contains the target devices.

The following table describes the fields and settings in the Extensible Single Sign-On configuration, which will be similar to what you see in Configuring iOS 16 compatibility for AppConnect quick start .

Table 16.  Extensible Single Sign-On field description




Enter a name that identifies this configuration.


Enter a description that clarifies the purpose of this configuration.

Extensible Single Sign-On

Choose SSO Type

Select Redirect. (iOS 15+) This will request the data and transfer it via the SSO Extension from the shared container.



Extension Identifier



Team Identifier

Enter any value. This is not used by iOS devices.

Custom Data

Custom data is not required.