Apple Platform Deployment
- Welcome
- Intro to Apple platform deployment
- What’s new
-
-
- Accessibility payload settings
- Active Directory Certificate payload settings
- AirPlay payload settings
- AirPlay Security payload settings
- AirPrint payload settings
- App Lock payload settings
- Associated Domains payload settings
- Automated Certificate Management Environment (ACME) payload settings
- Autonomous Single App Mode payload settings
- Calendar payload settings
- Cellular payload settings
- Cellular Private Network payload settings
- Certificate Preference payload settings
- Certificate Revocation payload settings
- Certificate Transparency payload settings
- Certificates payload settings
- Conference Room Display payload settings
- Contacts payload settings
- Content Caching payload settings
- Directory Service payload settings
- DNS Proxy payload settings
- DNS Settings payload settings
- Dock payload settings
- Domains payload settings
- Energy Saver payload settings
- Exchange ActiveSync (EAS) payload settings
- Exchange Web Services (EWS) payload settings
- Extensible Single Sign-on payload settings
- Extensible Single Sign-on Kerberos payload settings
- Extensions payload settings
- FileVault payload settings
- Finder payload settings
- Firewall payload settings
- Fonts payload settings
- Global HTTP Proxy payload settings
- Google Accounts payload settings
- Home Screen Layout payload settings
- Identification payload settings
- Identity Preference payload settings
- Kernel Extension Policy payload settings
- LDAP payload settings
- Lights Out Management payload settings
- Lock Screen Message payload settings
- Login Window payload settings
- Managed Login Items payload settings
- Mail payload settings
- Network Usage Rules payload settings
- Notifications payload settings
- Parental Controls payload settings
- Passcode payload settings
- Printing payload settings
- Privacy Preferences Policy Control payload settings
- Relay payload settings
- SCEP payload settings
- Security payload settings
- Setup Assistant payload settings
- Single Sign-on payload settings
- Smart Card payload settings
- Subscribed Calendars payload settings
- System Extensions payload settings
- System Migration payload settings
- Time Machine payload settings
- TV Remote payload settings
- Web Clips payload settings
- Web Content Filter payload settings
- Xsan payload settings
-
- Declarative app configuration settings
- Authentication credentials and identity asset settings
- Calendar declarative settings
- Certificates declarative configuration
- Contacts declarative configuration
- Exchange declarative configuration
- Google Accounts declarative configuration
- LDAP declarative configuration
- Legacy interactive profile declarative configuration
- Legacy profile declarative configuration
- Mail declarative configuration
- Passcode declarative configuration
- Passkey Attestation declarative configuration
- Screen Sharing declarative configuration
- Service configuration files declarative configuration
- Software Update declarative configuration
- Subscribed Calendars declarative configuration
- Glossary
- Document revision history
- Copyright
Supported smart card functions on iPhone and iPad
In iOS 16 and iPadOS 16.1, or later, Apple offers built-in support for the following capabilities:
Authentication: Safari and authentication in third-party apps supporting CryptoTokenKit
Signing: Mail and third-party apps supporting CryptoTokenKit
Encryption: Mail and third-party apps supporting CryptoTokenKit
Authentication
On iPhone and iPad, the authentication process varies depending on the operating system version. With all versions, iPhone and iPad support soft certificate (derived) credentials and persistent (network based) tokens for websites using Safari and for third-party apps that support CryptoTokenKit. In iOS 16 and iPadOS 16.1, or later, native support for physical smart card authentication using an NFC or a CCID class-compliant reader has been added.
Digital signing and encryption
In the Mail app in iOS 16 and iPadOS 16.1, or later, users can now use a PIV token in a compatible smart card to send messages that are digitally signed and encrypted. To use this feature, users must have a case-sensitive email address subject or subject alternative names on digital signing and encryption certificates which are on attached PIV tokens in compatible smart cards. If a configured email account matches an email address on a digital signing or encryption certificate on an attached PIV token, Mail automatically displays the email signing button in a new message toolbar. A locked lock icon indicates that the message was sent encrypted with the recipient’s public key.