Your account does not have permission to create iOS distribution certificates - ios

I want to upload my app to testflight. when I upload the app Xcode shows this error:
your account does not have permission to create ios distribution certificates
Anyone help me?

This seems to be a bug or poorly described feature in iTunes Connect & the Apple Developer portal.
I had a developer that joined my team, initially as a "member", but wasn't able to create certificates, even after giving him admin access. It turns out, that I believe we were only giving him admin access to Itunes connect, but not to the developer page.
The correct fix was to go to the developer portal, click the "People" tab (or go to this URL https://developer.apple.com/account/#/people/), remove his access, then use the Invite as Admins to add him to the account. He then had to go into Xcode and remove his developer account information, add it back in, and then he was finally able to upload builds to Testflight without this error.

This should be the user permission issue. Please note that only user with Team Agent role has permission to generate certificates for distribution of app outside the App Store. I believe, you are not in Team Agent role. Please double check your permissions.
You can even generate a Certificate Signing Request and send it to your Team Agent. Get back the created certificate from the Team Agent and use it to sign apps.

Based on your comment "Yes, we have a developer account for Team" I am guessing that what you have is an Enterprise Developer account. If you have a Enterprise DA you cannot upload to the apple store/test-flight. You will need to create a personal developer account for that. Enterprise accounts are only good for in house testing and not for external. That's why you are getting this error.

Using keychain, export valid certificate on a computer on which iOS distribution signing identity works. You need two files, one is public - <fileNamePublic>.pem file, and other is private - <fileNamePrivate>.p12 file.
Put those files in a folder on computer on which you need signing identity to work.
Open terminal and browse to the folder you've put them in.
First, type: security import <fileNamePrivate>.p12 -k ~/Library/Keychains/login.keychain
Then type: security import <fileNamePublic>.pem -k ~/Library/Keychains/login.keychain
Open XCode, go to XCode>preferences>accounts>view details and refresh the apple id you are using
You should have signing identities enabled.

Perhaps your iTunes Connect account does not have the correct role?

I was receiving similar error and also, I had a permission to create certificate with my account which has developer role. I tried all of the solutions but none of them worked for me. Therefore, I downloaded provisioning profile from developer account and I used that provisioning profile from manual signing when I was archiving to my build then error disappeared.

Every thing was good with my account, no permission changed as already it was same email id used to purchase the account.
I fixed this problem by removing the account from Xcode preferences and again added it. What i did was immediately added credentials in Xcode preferences right after purchasing the account. I should have to wait for Apple to process the order.

For anyone finding this now: Team Agent no longer exists. If your role is Admin or App Manager you can upload builds and create provisioning profiles, etc. Note that if you get this error when you upload, then ask for the correct permissions and it still doesn't work, quit Xcode and try again!

Perhaps your provisioning profile was expired and even after updating it from Apple's developer website, Xcode doesn't try to fetch the new one.
Here's how to solve it:
Xcode -> preferences -> accounts
Select your Apple ID, and on the right bottom pane select your team and click View Details
Under provisioning profile, find your expired profile, right click, and click Move to Trash
You should be able to sign and upload your app.

If you are getting the same error...Create the .ipa file and upload to https://www.diawi.com/
you will get an link, which you can share with your client.It's not a solution for your question but it will help you.

Related

App Store Connect Upload Error "You haven't been given access to cloud-managed distribution certificates"

Uploading an iOS app to App Store Connect with Xcode (Automatically manage signing) and received this error:
The following errors occurred while locating and generating signing assets. ...
Communication with Apple failed.
You haven't been given access to cloud-managed distribution certificates. Please contact your team's Account Holder or an Admin to give you access. If you need further assistance, contact Apple Developer Program Support at https://developer.apple.com/support
I have checked:
the cert is installed and valid
I have access to Certificates, Identifiers & Profiles
If you have the Admin rights, you can enable this for anyone with Developer role if you
Go to App Store Connect
Select the "Users and Access" tab
Select the right person and under Additional Resources, check both
Access to Certificates, Identifiers & Profiles and
Access to Cloud Managed Distribution Certificate.
If you don't have the Admin rights, you have to ask someone from your organization with Admin rights to do this for you.
the cert is installed and valid
That doesn't matter. New in Xcode 13, if you choose Automatic signing, Apple tries to do cloud-based signing; it doesn't even see the certificate that's on your computer.
But you do not have the cloud-based signing privilege, so it fails.
You have two choices:
Get the privilege. It is really worth it, because cloud-based signing is great! It allows you to distribute from an archive to App Store Connect without having any distribution identity or distribution certificate at all. This totally solves the problem that there's only one distribution certificate at a time.
Switch to manual signing. Now the distribution certificate on your computer will be used. You'll need explicit access to the distribution profile too, obviously; the whole export resigning will be manual. That might be simplest if you're in a hurry.
I haved this error, because new conditions must be accepted on app store connect :
In some cases, the error messages persist even though the steps are completed for the Developer role:
Go to App Store Connect
Select the "Users and Access" tab.
Select the correct person and under "Additional Resources" check both.
Access to Certificates, Identifiers & Profiles and
Cloud Managed Distribution Certificate Access.
From a Admin Role perspective, this is incomprehensible and leads to guesswork for some. But the following led to the goal:
Developer Role: close Xcode
Admin Role: change the role of the user from "developer" to "admin" temporarily
Developer Role: restart Xcode and start the validation/distribution process again. it should run successfully
Developer Role: close Xcode
Admin Role: set the user's role back to "developer".
Developer Role: restart Xcode and start the validation/distribution process again. it should run successfully
In my case, 2 accounts (Admin and Developer roles respectively) belonging in the same team were logged-in in the Xcode Accounts settings. Even though the cloud signing permission for the Developer role was given and the Xcode build settings are properly set for automatic signing, the error persisted.
After deleted the Admin account in the settings, the error no longer appeared and the archive could be successfully uploaded. Perhaps Xcode had trouble resolving cloud signing when 2 logged-in accounts both have the signing permissions.
I've had this problem.
The account has permission, but it cannot be exported
After trying many methods, you can finally give the account management permission, and then change back to the developer permission to export normally.
Suspect cloud service cache problem.

Unable to add device in Apple Developer Program

I am unable to add a new device in the Certificates, Identifiers, and Profiles section of the Apple Developer portal.
I have two developer accounts, one personal account and one account for a company. The account for the company, I am set as a 'member' for the team. This is the account that I am unable to add a new device for. (I am also not able to download the Distribution certificate, which I believe is a related issue that I need resolved too).
I have researched the other similar questions on SO, but neither of them applied to my scenario.
Here is a picture showing the + button disabled (greyed out)
From Apple documentation:
Team members can’t register devices and create development
provisioning profiles using their developer account.
Ask from someone who has Team admin or Team agent privileges to add you.
I figured it out. Team Members are unable to add a new device via the Developer Portal. However, they are allowed to add a new device to the provisioning file via XCode. I was working with Xamarin and didn't know that I needed to go back to XCode in order to add a new device to the provisioning file.
If you're working in Xamarin and experience this problem, you need to create a 'dummy app' in XCode with the same info as your Xamarin app. Then select your team and it should generate the correct provisioning file for you. After that, build and run your app on your device, then a pop up window should display telling you that the device is not in the provisioning file, then asks if you would like to add it. A simple click of 'Yes' will automatically add the device to the provisioning file which is then reflected on the Developer Account.
Hope that helps someone else! I spent many hours trying to figure this out.

Multiple developers on same individual iTunes account

I have an Apples Individual Developer account.
Now I have one more developer to assist me.
I have added him as my Team admin from iTunes Connect.
When he pulled the Xcode project, there is an error saying "No matching provisioning profiles found" in General > Identity.
Why cant he compile the project even though I have added him as a team admin?
Also can he submit the build to iTunes connect?
Image below clearly states that team admin can Create Apps and Submit Version
I have referred to couple of answers on SO, but most of them are outdated(for iOS 3 and above), so I was wondering if Apple has revised the policy in recent days.
I use Xcode 7.3 on OS X 10.11
On iTunesConnect manipulations only with app publishing.
What you might want, is to add him into your Team at developer.apple.com/membercenter.
Then developer via that site generates the Developer Certificate(s) and then creates Provision Profile via Xcode.
You might be getting this error due to missing provisioning profiles in your system. You can download the profiles linked to your account by doing the following steps:
Open XCode
Go to Preferences
Select your Apple ID. If not signed in, sign in to your individual Apple Developer Account
Select your Team from the right pane
Click View Details
Click Download All
Once all the profiles are downloaded, go to Build Settings -> Code Signing and choose the appropriate profiles for each.
In case you get an error again while building, do the following steps:
From your main machine (where you have been using your Developer account before), open Keychain Access
From the left pane, select login
Export the following to any location. It will be saved as a .p12 file. Give a password for them:
iPhone Developer Certificate
iPhone Distribution Certificate
Install these p12 files in your teammate's system.
You should be good to go now!

Uploading app to client account in app store

This is my first time trying to upload app to app store, so I am completely lost. I have searched all over the web about the issue I am having, but could not find how to fix the issue.
Here is the problem:
I have developed an updated version for the existing iPhone app for client. Original version of app is already in app store for long time. Client wants me to upload new version of the app to their account in app store as "prerelease" for testing. They gave me their store account (admin role) username and password to log in. I added the account in Xcode and configured build settings to their team. But, after building the archive, when I click the "Validate" button and select their team, I am getting an error popup with the message "Your account already has a valid iOS Distribution certificate". I can't post images here, so here is snapshot image of the popup):
http://imgur.com/yLL5K1k
Apple troubleshooting documentation (documentation link here) shows that they should export developer profile and give me to import on my Mac. However, client say they don't have Mac and no Xcode, so they can't do it themselves. Apple documentation is mentioning another option - “Revoke and Request”, but I can't see that option. Also, if "revoke" is performed, will that affect client's application (more than 20 apps in app store)?
I have downloaded all of their certificates and profiles from Member center, imported to keychain, added account to Xcode, configured Xcode, but nothing helped.
Does anyone know what can I do, or ask to client, so that I can upload app to their app store account?
Thank you!
You must have downloaded the Distribution certificate from the account. That alone is not sufficient. You must get the private key from the client or developer who has created the certificate first or uploaded the application.
Log in to developer.apple.com portal, using the required credentials.
Click on "Manage your certificates, App IDs, devices, and provisioning profiles." under Certificates, Identifiers & Profiles
Then click on "Certificates"
On the new page Click on "+" button at right upper corner.
Now on this page select "App Store and Ad Hoc" under Production.
Then follow the instructions related to CSR file given on new page.
Note: Create new certificates with unique names so that you won't download old certificates to your mac, mistakenly.
For more info Distributing iOS Apps With iTunes Connect

XCode "Too few items in teams" error when refreshing provisioning profiles

I'm trying to build my apps. I've installed the provisioning profiles that my team has set up. I've installed my developer certificate and the WWDR certificate. But when I refresh my provisioning profile library it throws this error:
I have no idea what to do.
It seems like I had two accounts for apple like most people: 1) email address account and 2) just apple user ID login.
When you sign up for an iOS developer account, only one account gets approved as an iOS developer. It doesn't matter if those two accounts are merged and linked inside apple profile, only one gets approved. You can check this by logging into both accounts separately to their developer website. One account will say you are a member and another will say pay up the fee to become iOS developer.
The problem is that your keychain already stored one of apple id credentials from the past... and you probably signed up for apple iOS developer program using the other apple login. Xcode automatically gets keychain's previously stored credential for 'Teams' section and since that account from keychain was not activated for the iOS developer account, it's complaining that no one is a valid developer in 'Teams'.
To solve this,
delete any, all apple related stuff from your keychain login.
revoke all the problematic profiles, certs, etc from apple website.
just redo provisioning process only using iOS developer approved apple login.
From XCode Organizer's Teams section, click 'refresh' icon at the bottom and follow direction.
This happened to me when I use Apple Developer account which does not have valid iOS developer certificate. The certificate is either expired or never bought in the first place.
Once I log in with the valid iOS Developer account, the problem no longer appears.
My solution was a simple logout from iTunes and Mac App Store. I was loged with an different Apple ID. This Apple ID is different from my Apple ID that I'm using for iOS Program.
I got the message too:
"Too few items in Property/teams/Entity/Developer"
It works now, after adding my account (which is connected with the macbook in itunes and which I used in Xcode) to an "Developer" under "Peoples" at https://developer.apple.com/membercenter/index.action#iPhoneDev
Give it a try.
Just a quick note if somebody from Mac Develop program lands here:
I'm brand new to Apple development, so, maybe this is a common knowledge, but I didn't ran across.
Signed up for Mac Developer program, not iOS, and tried to "Refresh from Developer Portal" with exact same error: "Too few items in teams." Tried all the steps above and elsewhere, with no success.
Ended up calling their support to only find out that this particular functionality doesn't work with Mac Dev only (no iOS Dev) membership profiles. So, manual download/import is the solution as tech on the phone told me that it looks for iOS teams, doesn't find it and errors out.
Hope this helps & saves a couple of hours of frustration for somebody.
Please reference:
https://developer.apple.com/legacy/library/technotes/tn2250/_index.html
Provisioning Profile Refresh Troubleshooting:
If you are receiving the error message:
Too few items in Teams
Perform the steps below:
Open Keychain Access > Passwords category.
Delete the entries for daw.apple.com and daw2.apple.com
Retry the Provisioning Profile Refresh process.
I still encountered the same issue after following the other answers on this page. Here is what I needed to do to get things working.
Make sure that you have fully accepted the invitation email to join the Apple Developer program. Your account admin can verify your status through the management panel.
Click the link inside the "Please verify your email address" email
Click the "submit" button to finish registration
Go to developer.apple.com. In the upper right menu area, select "Member Center." Once in the Member Center, select "Certificates, Identifiers & Profiles."
Verify your accounts have not expired; or if new to the program (or renewal) that the order has been processed.

Resources