iOS 13 at Work, Part 1: Enabling Single Sign-On (SSO) and Distributing Custom Apps

Apple users of the world, 13 is your lucky number: iOS 13 has arrived! This new iteration of Apple’s mobile operating system brings a slew of changes, both consumer-focused and enterprise-grade.

How will iOS 13 impact your organization’s device management strategy, and what should users expect on their devices, whether bring-your-own-device (BYOD), choose-your-own-device (CYOD), corporate-owned or anything in between?

Before we dig into what’s new, let’s briefly review the history of iOS in the enterprise.

Going Apple Picking: iOS Devices and Device Management

The year was 2010. Apple had released iOS 4, and with that release came a novel idea: over-the-air (OTA) enrollment of iOS devices into the consoles of a burgeoning new technology — mobile device management (MDM). While MDM has evolved into the more robust unified endpoint management (UEM), at the time these platforms enabled businesses to become more mobile, allowing employees to do work on any device beyond the typical laptop, desktop and BlackBerry setup.

At the time, this new Apple technology allowed organizations to remotely lock, locate and wipe iOS devices as well as push down necessary applications. This core feature set expanded with each subsequent operating system update, adding control over iCloud backup and containment of corporate data for company-owned and BYOD use cases. The development of the supervised mode feature, better known now as the Device Enrollment Program (DEP), allowed IT administrators to exercise tighter control over corporate devices, from disallowing personal Apple IDs and settings to locking a device down with application blacklisting, whitelisting or single app kiosk mode.

Apple Applies Appropriate App Management Updates

Apple has made it easier for an organization to distribute its corporate applications to users — both enrolled in UEM and not. This latest OS update extends iOS’s previous single sign-on (SSO) capabilities to now integrate biometric checks such as Face ID and Touch ID with an organization’s existing identity platform.

Identity and access management (IAM) is a hot topic in the context of a modern digital transformation, and we will further explore Apple’s new approach to SSO. But before a user can be granted access, a corporate app needs to be distributed to a device.

Corporate App Distribution

During the infancy of Apple’s MDM technology, an organization with its own enterprise apps would be required to upload that application into a UEM platform, sign for it, then distribute it to appropriate users. Apple improved this workflow via its B2B App Store and in-house apps. During the 2019 WWDC, Apple further improved this process with Custom Apps Distribution—a new model that allows organizations to use the Apple App Store’s infrastructure as the means of app distribution.

Rather than an enterprise having to sign and host the app, Apple will instead review the app, approve it and make it available to that enterprise’s employees once they enroll in a UEM or via a redemption code for unenrolled users. This takes away the pain often associated with giving users access to internal apps. Plus, it opens up the door for one-off sharing of enterprise apps, giving contractors access without needing full device management.

Apple Single Sign-On in iOS 13

Now that we’re all educated on the journey of an app from cloud to device, it’s time to expand on SSO in iOS 13. Previously, SSO on a managed device and application was accomplished by linking an organization’s Security Assertion Markup Language (SAML)-based identity solution with its existing UEM platform. Users would then need only one set of credentials across all applications and could log in on a custom, unified landing page.

It’s an exceptionally popular strategy in 2019, and most organizations — from small businesses, to mid-market, to enterprise-level — have installed some form of an identity tool.

Apple has joined that fray. With the new SSO extension available in iOS 13, any application or webpage can be integrated with an existing identity provider to allow for authentication via Touch ID and Face ID. It can be argued that biometric authentication is more secure than passcodes, as passcodes come with the risk of being phished or written down on a sticky note for all to see.

Beyond a secure way of granting access, the update also aligns with Apple’s mission to effectively enable end users. This translates well to the enterprise because it keeps data secure while simultaneously providing a frictionless experience — limiting the pain points an organization may experience when adopting an Apple device management strategy and identity management posture.

Learn How to Get the Most Out of Your iOS 13 Deployment

Another way to limit that pain is via a leading UEM platform that is equipped to not only support the changes presented in iOS 13, but also to provide a pathway to SSO.

Don’t just take my word for it, though. On Oct. 3 at 2 p.m. ET, join experts from IBM Security’s product and marketing teams as they take a deep dive into iOS 13, iPadOS and macOS Catalina and discuss how enterprises can make the most of this new Apple frontier.

Register for the webinar to learn more.