i have some doubt to how distributing for clients that have an Enterprise Developer account works.
Here is the situation:
-My company have its own developer account (normal one not enterprise).
-My client wants to distribute an app using their own account.
-My company have to develop this app.
Now, how do i setup my xcode for this? Which solution is the best? Should i use directly the clients account or there is a way in which they add my account as developer in their team?
I'm concerned about this because i'm going to use my company account to test this app on devices during the development and xcode , to me, is pretty hard to understand when it comes to change certificates and accounts.
Thanks a lot.
As Alessia already wrote the easiest way is to build the app with the enterprise certificate of your customer. For that your customer has to provide you the private/public key pair or give you access to their enterprise program so you can create and download it.
If your customer do not want to provide it to you (maybe for security reasons) there is another way. It's more complicated especially if your customer has no experience with iOS development. In that case you have to develop and test your app with your own developer program. If your release version successfully passes your quality tests you deliver it to your customer and they need to resign your app. see: example for resign
i think the easiest thing is to make the build with the certificates in enterprise.
So you should ask identity and mobile provisioning created from enterprise account of your client, and then build your app with this certificates.
Your client can also enable (in developer mode) your apple account so you can create yourself certificates (in enterprise).
You can also create multiple target for this management.
Related
My company has an Apple Enterprise Account, which we have used to deploy apps to employees using an MDM. Works fine.
We are developing an app with an outside developer. This app probably will be put in the App Store.
I generally understand the difference between Enterprise and Developer Accounts.
What I don't understand is the need to have 2 separate accounts? I cannot link my Ent to a Dev account? I have to maintain two separate accounts?
Our outside developer wants to use Test Flight for testing, which is fine by me, but we are just starting internal employee testing, so I want them just to send me the archive and I will distribute it internally using our MDM, until I can figure out if we can just "extend" our Enterprise account, and or we want to use Test Flight.
What is best practice regarding this?
The best practice is to decide as early as possible how the distribution of the app will work. If it is truly an internal app not intended for the App Store, then use your Enterprise account. If it is likely to be put into the App Store at some point, then use the normal non-enterprise account and TestFlight for pre-release builds.
It can be an involved process to later transfer the app from one account to the other and may involve intervention by Apple, or changing of the bundle ID. It's best to figure this out ahead of time and put the project into the proper account.
If using your MDM is an absolute requirement, you may be able to create an additional target within the project to use the enterprise account, while the main target uses the non-enterprise account.
Another advantage to using a non-enterprise account and external TestFlight builds is that your app will go though quick, periodic reviews by Apple which can catch many errors before submitting the App Store release candidate.
EDIT: see conclusion at the end of this post.
First off, let me clarify I've found a few similar questions/answers on SO, but none that apply to my particular situation. The one that came closest is this one but it doesn't address the AirWatch aspect.
So I'll try to be very specific.
Background
I have an iOS application that's free. I also have the same app for Android and Windows 10 but those are not my concern.
The iOS app is available to anyone from the App store. But I have a few large corporate customers who use AirWatch to manage the installation/update cycle of their devices. They either have Enterprise or VPP Apple accounts. They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
In my mind, that's a perfectly legitimate request: they just want to have better control over what gets installed on their devices.
Problem
From what I understand, an Enterprise account requires that the application be signed with the customer's certificate. But if I have several such customers, that means I have to re-sign each application for each customer, every time I have a new update available. And those customers that have VPP accounts cannot use them because the VPP program only applies to paid apps, not to free ones.
Note: keep in mind that at that stage when I'm ready to provide the app to these customers, the app has already been reviewed and accepted by the App Store. So it's deemed legit.
After googling this matter for a while, I know it's possible for someone else to resign an app or to sign it for the first time if it is provided in unsigned form to start with. However, resigned apps are apparently not supported by AirWatch (and, I assume, other MDM's as well).
If that information is incorrect, then I guess all I would need to know is the recipe that I, as a coder, have to follow before providing the app to my customers and what kind of steps they have to take in order to deploy using AirWatch.
Question
So how do I get my free app to my customers so they can manage the distribution themselves, without me having to go through yet another set of hassles every time I change something.
Remember: if I only had a single corporate customer I wouldn't give it a second thought and I would just use their own certificates but I have several potential customers with the same requirements, so the point is to make it easy for all of them and for myself.
I hope my question was clear enough, thanks in advance for any help.
EDIT - Conclusion: I was able to validate that an unsigned IPA file can be signed with the customer's certificate and uploaded to their AirWatch distribution app. Which means I simply have to provide the unsigned version to any customer with the same issue and they will be able to distribute the app themselves with their MDM. Hope this information helps others.
If your customers really can't re-sign your IPA, I believe the best solution for you to do would be to sign up yourself for an enterprise account, then use your own enterprise provisioning profile to sign a single ipa for distribution to the companies that need the app. Their MDM platforms should be able to handle the "trusting" of your enterprise signing identity, so the experience for the end users would be no different than if they were installing and running one signed by their own enterprise account.
The downside of this is that you will then be on the hook for providing your customers new versions when your cert of profile is about to expire. If you have them re-sign your IPA, it would be their responsibility to keep track of that and resign / redistribute a new provisioning profile when they expire.
Also, I have never heard of any restrictions on MDM's distributing re-signed IPAs. I don't even understand how they could prevent it, as a properly re-signed IPA should look no different than an IPA that was build and signed using the new signing identity and profile. I would challenge that, as many MAM (Mobile App Management) vendors offer wrapping of apps that do re-sign the binaries and allow you to distribute those resigned IPAs through MDM systems. I would really expect any corporation with Airwatch to know how to resign an IPA using something like iReSign. That really is your easiest option. Build an IPA for each release, send it out to all your clients, and each can re-sign it with their own signing identity. That way if you stop doing development, they aren't reliant on your signing identity and profile to keep the application running.
because the VPP program only applies to paid apps, not to free ones.
You can manage free apps with VPP. It's maybe free but it's still a license. VPP manages licenses for an organization and allows admins to give and tack back these licenses.
I have right now free Apps in my AirWatch Console, in the tab "Purchased". This tab is only available if VPP is configured and displays only apps from the VPP. I can't go check in the VPP myself because I don't have any access but theses free apps wouldn't be in the tab "Purchased" if they weren't bought with the VPP.
They want me to provide them with the IPA file so they can distribute it themselves through AirWatch.
If you are ready to do that, your customers can upload the ipa file as an internal application and then deploy it to their iOS devices. As AirWatch customers, they should have access to the document VMware AirWatch Mobile Application Management (MAM) Guide with the Chatper 4 "Internal Applications". There is a particular process for iOS apps described.
My company has an iOS Enterprise Account to distribute In-House Apps. Now we want to develop an app for a customer. The question is: How to deploy the app to the customer's employee's devices? I heard about a "B2B Program", but I wasn't able to find any further details how to deploy to a special Business Store.
I know that there are a lot of discussion about this topic on the net, but I missed the fine details how the process is working in detail.
So what possibilities we have to get the app installed on the customer's employee's iPads?
EDIT: I don't want to invite beta testers or anything similar. I need an official way to install the app on the devices of the customers employees.
Another faster solution then testflightapp is diawi.com.
The link doesn't hold forever but it takes a few seconds to generate a download link.
You either use an archived IPA or a zipped .app , drag it to the relevant part of the site and it generates a download link for you.
We have been using this with a lot of customers with great success.
Just remember - the link is temporary.
Alternatively you can build a simple web page around the IPA file on a server you own (look at the generated diawi page for reference of the tags and info used).
You can also try OTA Distribution process, for more details go through this link.
Here download link is permanent and you don't need to use any third party tool.
How about using a Mobile Distribution Platform like MobileIron?
http://www.mobileiron.com
A few clients at my work use them and their services are pretty good.
I'm doing this for a client now. B2B is, I think, not what you want. Enterprise distribution is intended, by Apple, for in-house distribution. 'In-house' extends as far as out-of-house reps, and even independent contractors who use your client's in-house business app.
Your client should purchase his own Enterprise Developer's certificate, or ask you to purchase one for him. Use that certificate and associated provisioning profile to publish the app (in the usual way using the 'Ad-Hoc' distribution type). Then deploy over-the-air.
we run a small software company in Guatemala and we're having a bad time deciding/investigating how to deploy an app we were hired to develop.
The current options are, enrolling on the enterprise program, but does that means that we are as a third party cannot do that? How do we get the DUN for our client? (we would jump the app store validation)
Enroll to the traditional developer program and have our application sold via the B2B portal, but Guatemala is not listed as a country where our customer can enroll (and as a custom app we dont know if the approval process would approve our app)
Please any previous experience you can share is welcome.
You can go with below steps:
1) Create developer account on Apple. (You may ask to client to create it).
2) Request client to provide devices UDID number on which, they will test your app. (You can achieve this by going to iTunes, once device connected).
3) Create AppID, provisional profile with client UDID added.
4) Create AdHoc bundle and sent to client for testing the app.
5) Just check the AppStore from where your client can download app from app store. And simple upload the app on AppStore and check that country only.
Note:
To deploy app on App Store, you need developer account. You can not deploy app on App Store with Enterprice account.
Hope, you got an idea of whole process.
Let me know in case of any difficulty.
Cheers!
As stated above in comment. You need to have developer account, to create provisioning profile having device UDID attached.
In your case, you can request your client to create developer account or enterprise account for you or request his client to create developer or enterprise account.
You can also use TestFlight which is great tool for sharing enterprise applications for iOS.
Hope this info helps you.
I have a client that has their own enterprise distribution account. They do not want to give me access to their account for security reasons, I don't want to give them unsigned source code for obvious reasons.
What is the best way to handle this situation to create sample builds for them?
Thanks in advance.
A service like testflight would be my starting point.
You build an adhoc build, register their devices, and distribute it to them to test it.
You don't need their Distribution profiles, and they don't need your code. Everyone's fairly happy!
I did some research on the Apple Developer Website and I think I have found the answer to my question
I am a contractor who wants to create an in-house app for my client. Can I join the iOS Developer Enterprise Program to do that?
No. The iOS Developer Enterprise Program is for companies/organizations to develop and distribute proprietary in-house apps to their employees.
Your client should enroll in the iOS Developer Enterprise Program and add the appropriate developers from your company to their iOS Development Team.
From reading that It sounds like I need to have them add me as a developer on the team which will give me some limited access.
You could add their testing device(s) to your own adhoc profile and distribute the app with your adhoc-certificate.