Configuring iOS 16 compatibility for AppConnect quick start
Complete these additional iOS 16-related tasks to quickly set up AppConnect for iOS on Ivanti EPMM.
Extensible Single Sign-On configuration
In iOS 16, Apple implemented a new "Pasteboard Permission" privacy feature: apps need user's permission before accessing the pasteboard to paste content from another app. iOS developers can avoid displaying pasteboard usage prompt in AppConnect apps by creating an Extensible Single Sign-On configuration. If Extensible Single Sign-On feature is created on the server and pushed to the device, then device users will not see the pop-up, except in specific scenarios.
For apps that do not have the Extensible Single Sign-On configuration or apps that use AppConnect 4.8.1 or older, then the pasteboard will continue to be used as a data channel for AppConnect. After a slight delay of approximately one minute, the SSO extension configuration is pushed.
The pasteboard pop-up will continue to appear on iOS 16+ devices in the following scenarios:
- If the device user performs copy or paste.
- While generating AppConnect application logs (since the transmission of log files take place through pasteboard).
- If Mobile@Work application or AppConnect application does not support the Extensible Single Sign-On configuration.
For more information, see KB article: iOS 16: Don't Allow Paste" / "Allow Paste" pop-ups from AppConnect apps.
Procedure
Once this configuration has been created and pushed to device users, administrators can check the MDM profile to confirm the configuration was received.
- In the Ivanti EPMM Admin Portal, go to Policies & Configs > Configurations.
- Click Add New > Apple > iOS / macOS / tvOS > Extensible Single Sign-On. The Edit Extensible Sign Sign-On dialog box opens.
- Configure as per the Extensible Single Sign-On field description table listed below.
- Click Save.
-
To distribute the configuration, apply it to a label that contains the target devices.
The following table describes the fields and settings in the Extensible Single Sign-On configuration, which will be similar to what you see in Configuring iOS 16 compatibility for AppConnect quick start .
If you are configuring an identity provider (IdP), the IdP must have an app extension. Please refer to the vendor-specific documentation for setup procedures.