Open in app

Sign in

Write

Sign in

How to implement the Enterprise Apple SSO: Part One Entitlements

In this post I will be talking about how to implement the Enterprise Apple SSO and what are the common mistakes that you can avoid and setting up your Apple SSO development.

Tony Trejo
3 min readNov 13, 2020

What the documentation says

Apple documentation

“Single Sign-on ensures your enterprise can implement modern authentication methods without sacrificing ease of use.”

“A mechanism for generating requests to authenticate users with third-party providers.”

Apple Developer Documentation

Edit description

developer.apple.com

The common mistakes

  1. The Apple SSO only runs in a real device”.
  2. Maybe you are going to need a VPN to connect to the providers in my case I used a VPN on my device that makes a proxy to USA.
  3. You are going to need some credentials for test the TV Provider.
  4. The App needs to include the entitlements file (SomeName.entitlements), it would be something like this:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">   <plist version="1.0">    <dict>    <key>com.apple.developer.video-subscriber-single-sign-on</key>    <true/>    <key>com.apple.smoot.subscriptionservice</key>    <true/>    </dict></plist>

Note: This entitlement file should be created and added manually.

Apple Developer Documentation

Edit description

developer.apple.com

5. Add the entitlements file like this:

Note: Be careful with the target membership, you don’t need to include any target for the entitlements file.

6. Now you need to configure the build settings like this:

Note: Select the correct target and go to build settings and you can search for Code Signing Entitlements and then set your entitlements file there.

7. What about the certificates? Don’t forget to add the entitlements to the profile that you are using for the Apple SSO development.

Note: This is a special entitlement, which means that you can’t enable it in the standard ways (via the Signing & Capabilities editor in Xcode, via Capability on your App ID in the developer web site). Rather, you must be specifically granted the entitlement by Apple.

Now we are ready for the code, see you in the next part.

Additional resources

Introducing Extensible Enterprise SSO - Tech Talks - Videos - Apple Developer

Single Sign-on ensures your enterprise can implement modern authentication methods without sacrificing ease of use…

developer.apple.com

Sign in with your TV provider on your iPhone, iPad, or iPod touch

Sign in with your TV provider on your iPhone, iPad, or iPod touch and enjoy instant access to supported video apps that…

support.apple.com

SSO Entitlement is missing from pr... | Apple Developer Forums

We are unable to use the provisioning profile to build the app (ipa). Here's the information that can be useful…

developer.apple.com

  • AppleSSO project

enigma2006x/applesso

Single Sign-on ensures your enterprise can implement modern authentication methods without sacrificing ease of use. …

github.com

Apple Sso
Apple Sign In
Swift
Single Sign On
IOS

--

--

Tony Trejo

Written by Tony Trejo

82 Followers

Experienced Software Engineer with 12+ years of experience. https://www.linkedin.com/in/antoniotrejof/

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams