Apple’s new online authorization feature in iOS 13 – Sign in with Apple – allows iPhone, iPad and Mac users to securely sign into apps and websites. But it’s not likely a competitor for business mobile device management (MDM) platforms that also protect user log-ins.
While Sign in with Apple is not designed for enterprise use, iOS 13 does have a new Single Sign-on Extension enterprise developers can access, and it can integrate with existing IDs businesses may already be using.
The Single Sign-on Extension is a set of APIs for mobile management vendors and app developers that lets users log in to apps and websites using the security of Face ID and Touch ID.
Overall, Apple at this week’s Worldwide Developers Conference (WWDC) unveiled the broadest set of solutions for enterprises in years, including user-level enrollment, which makes mobile application management-only (MAM) models on iOS more attractive, according to Nick McQuire, vice president of Enterprise Research at CCS Insight.
For example, on its iOS 13 preview page, Apple touted data separation for Bring Your Own Device (BYOD) programs that maintains user privacy while also keeping corporate data protected.
Apple’s new mobile platform can also create and manage Apple IDs used by employees, giving them secure access to services like iCloud Drive and iCloud Notes.
As for Sign in with Apple, it works natively on iOS and macOS, and every account using it is automatically protected with two-factor authentication. On Apple devices, users are persistently signed in and can re-authenticate anytime with Face ID or Touch ID, according to Apple.
The feature will likely be an enabler for MDM platforms, not a competitor. If history is any indicator, the authorization service will be made available to, and leveraged by, mobile management software vendors as a smoother mechanism for authorization into the Apple ecosystem, “which will then be coupled with their federated authentication systems to be used to sign users into the enterprise ecosystem, services and applications,” McQuire said.
While not marketed as a business tool, Sign in with Apple will have “huge enterprise appeal” as a service made available to Apple’s partners, especially mobile management vendors, McQuire said.
Phil Hochmuth, vice president of enterprise mobility research at IDC, agreed, adding that one of the main uses for MDM and enterprise mobility management, in general, is to avoid requiring that users have Apple IDs in order to deploy apps and services to managed iPhones and other devices.
So if mobility management vendors can integrate the Sign in with Apple feature for managed iOS devices in the enterprise (e.g., by associating the identity with the device serial number, as opposed to the Apple ID), the feature becomes more useful.
“Even more useful would be federating Sign in with Apple to other enterprise cloud platforms and services,” Hochmuth added. “From a BYOD perspective, where users use their own personal Apple ID on a personal device for work, this could be a great benefit in simplifying access to cloud-based resources and apps. At the same time, it could also complicate the line between personal/professional app access if the use of a personal Apple ID is tied to so many business apps.”
The big question as Sign in with Apple rolls out – it will be available as a beta this summer – is how it can be leveraged by an ecosystem that’s key to the company’s enterprise strategy.
“Overall, I see the MDM/management vendors will likely gravitate to it quickly along with the wide range of other enterprise friendly services that were launched,” McQuire said. “Although details are light at this stage, I can also see the service being attractive to the [mobile] vendors in key use cases such as employee onboarding and helping to streamline user enrolment.”