Apple users of the world, 13 is your lucky number: iOS 13 has arrived! This new iteration of Apple’s mobile operating system brings a slew of changes, both consumer-focused and enterprise-grade.
How will iOS 13 impact your organization’s device management strategy, and what should users expect on their devices, whether bring-your-own-device (BYOD), choose-your-own-device (CYOD), corporate-owned or anything in between?
Before we dig into what’s new, let’s briefly review the history of iOS in the enterprise.
Going Apple Picking: iOS Devices and Device Management
The year was 2010. Apple had released iOS 4, and with that release came a novel idea: over-the-air (OTA) enrollment of iOS devices into the consoles of a burgeoning new technology — mobile device management (MDM). While MDM has evolved into the more robust unified endpoint management (UEM), at the time these platforms enabled businesses to become more mobile, allowing employees to do work on any device beyond the typical laptop, desktop and BlackBerry setup.
At the time, this new Apple technology allowed organizations to remotely lock, locate and wipe iOS devices as well as push down necessary applications. This core feature set expanded with each subsequent operating system update while adding control over iCloud backup, containment of corporate data for company-owned and BYOD use cases. The development of the supervised mode feature, better known now as the Device Enrollment Program (DEP), allowed IT administrators to exercise tighter control over corporate devices, from disallowing personal Apple IDs and settings to locking a device down with application blacklisting, whitelisting or single app kiosk mode.
Apple Applies Appropriate App Management Updates
Apple has made it easier for an organization to distribute its corporate applications to users — both enrolled in UEM and not. This latest OS update extends iOS’s previous single sign-on (SSO) capabilities to now integrate biometric checks such as Face ID and Touch ID with an organization’s existing identity platform
Identity and access management (IAM) is a hot topic in the context of a modern digital transformation, and we will further explore Apple’s new approach to SSO. But before a user can be granted access, a corporate app needs to be distributed to a device.
Corporate App Distribution
During the infancy of Apple’s MDM technology, an organization with its own enterprise apps would be required to upload that application into a UEM platform, sign for it, then distribute it to appropriate users. Apple improved this workflow via its B2B App Store and in-house apps. During the 2019 WWDC, Apple further improved this process with Custom Apps Distribution—a new model that allows for organizations to use the Apple App Store’s infrastructure as the means of app distribution.
Rather than an enterprise having to sign and host the app, Apple will instead review the app, approve it and make it available to that enterprise’s employees once they enroll in a UEM or via a redemption code for unenrolled users. This takes away the pain often associated with giving users access to internal apps. Plus, it opens up the door for one-off sharing of enterprise apps, giving contractors access without needing full device management.
Apple Single Sign On in iOS 13
Now that we’re all educated on the journey of an app from cloud to device, it’s time to expand on SSO in iOS 13. Previously, SSO on a managed device and application was accomplished by linking an organization’s Security Assertion Markup Language (SAML)-based identity solution with its existing UEM platform. Users would then need only one set of credentials across all applications within their organization.
It’s an exceptionally popular strategy in 2019, and most organizations — from small businesses, to mid-market, to enterprise-level — have installed some form of an identity tool.
Apple has followed the SSO trend with the release of its brand new SSO extension available in iOS 13 that allows any application or webpage to be integrated with an existing identity provider to now allow for authentication via Touch ID and Face ID. It can be argued that biometric authentication is more secure than passcodes, as passcodes come with the risk of being phished or written down on a sticky note for all to see.
Beyond a secure way of granting access, the update also aligns with Apple’s mission to effectively enable end users. This translates well to the enterprise because it keeps data secure while simultaneously providing a frictionless experience. Apple continues to make strides in limiting the pain points an organization may experience when adopting an Apple device management strategy and identity management posture.
Learn How to Get the Most Out of Your iOS 13 Deployment
Another way to limit that pain is via a leading UEM platform that is equipped to not only support the changes presented in iOS 13, but also to provide a pathway to SSO.
Don’t just take my word for it, though. On Oct. 3 at 2 p.m. ET, join experts from IBM Security’s product and marketing teams as they take a deep dive into iOS 13, iPadOS and macOS Catalina and discuss how enterprises can make the most of this new Apple frontier.
Register for the webinar to learn more.
The post iOS 13 at Work, Part 1: Enabling Single Sign-On (SSO) and Distributing Custom Apps appeared first on Security Intelligence.