Apple has officially released iOS 13 and businesses couldn’t be happier. The new version of the operating system (OS) delivers more flexibility for businesses managing Apple devices. To ensure our enterprise customers have same day support for managing iOS 13 devices, we are releasing SOTI MobiControl 14.4.3, which includes support for customized enrollment, and the new extensible Single Sign-On (SSO) payload. In this blog, we dive into each of these features and describe how they may impact your business-critical operations running on iOS.
- Customized Enrollment
Automated Device Enrollment (formerly, DEP Enrollment) has been a core feature for organizations looking to expedite their staging process for Apple devices using Apple Business Manager with SOTI MobiControl. Automated Device Enrollment enables companies to wirelessly supervise and enroll their devices into Enterprise Mobility Management (EMM) solutions without needing their IT departments to touch the devices. While the enrollment process was simple, it lacked customization and didn’t support modern authentication protocols, such as SAML. As of iOS 13, this is no longer the case. The enrollment process is now fully customizable. Using SOTI MobiControl, the user can be presented with a login webpage or be re-directed to an Identity Provider (IdP) for authentication. Once the user is authenticated, they can be presented with Terms and Conditions that they must accept before completing enrollment.
SOTI has made it easy for organizations to leverage the new capabilities of Customized Enrollment. IT Administrators simply have to update their existing Add Devices Rules for DEP devices. They can include authentication via an IdP as part of the enrollment process or have device users be presented with ‘Terms and Conditions’ that they must accept before enrollment can be completed.
Additionally, Apple announced that by the end of 2019, Apple Deployment Programs (deploy.apple.com) will be retired, and that businesses should start using Apple Business Manager (business.apple.com) as its replacement. For assistance on migrating to Apple Business Manager, please read our SOTI Central article.
- Extensible Single Sign-On (SSO) Payload
SSO has long been a standard in businesses when it comes to web apps. However, providing SSO that encompasses both web and native apps, and that handles a variety of authentication/authorization protocols has proven to be challenging on iOS. iOS 13 addresses this with the introduction of an SSO Extension. An SSO Extension can handle SSO for both web as well as native apps. App Developers can offload the complexities of SSO to any third party app that hosts the extension, simply by adding a few lines of code. The extension handles the complexities of the authentication/authorization protocol and flow with the IdP. SSO Extensions can send additional information about the device during the authorization request that can be used by the IdP to determine whether to grant the user access to the app.
To use a SSO Extension, IT Administrators need to do three things:
- Deploy an app that hosts the extension.
- Send the device an Extensible SSO payload via an MDM/EMM solution. This can be done via a SOTI MobiControl Custom Profile. To configure the Extensible SSO payload, IT Administrators will be required to specify the bundle identifier associated with the app that supports the SSO Extension, as well as the domains applicable for the extension.
- Add Associated Domains to the SSO Extension app. For example, your business’ domains where your website(s)/apps are hosted. You can specify these domains via an Application Configuration for the app within SOTI MobiControl’s App Catalog rule.
Want to get more out iOS 13? Sign up for a trial of the SOTI ONE Platform and discover how you can secure and manage your iOS devices more efficiently, remotely support them wherever they are, and build apps for them in minutes.
