Sign in with Apple not working when iCloud disabled via MDM profile

Hi,

My app uses Sign in with Apple as the only login option and this has worked great for 99.99% of my user base.

A small number of users though have Mobile Device Management (MDM) profiles installed on their devices that have disabled iCloud (using Apple Configurator). Even though my app makes no use of iCloud at all, when they try and use Sign in with Apple they get the prompt "You need to sign in with your Apple ID in Settings" even though they are signed in already as shown in Settings and the App Store. I have a subscription based app and they can see in the App Store that they are considered signed in and when they use my app it sees an active subscription tied to that Apple ID.

Same Apple ID on a device without the MDM profile, everything works as expected.

Anyone know if there is a way to solve this?

Thanks!

Answered by DTS Engineer in 799338022

Same Apple ID on a device without the MDM profile, everything works as expected. Anyone know if there is a way to solve this?

Basically, no. I'm not sure what MDM configuration they set which disabled this, but you're not going to be able to do anything in your app to "get around" any MDM restriction.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware

Hi Kevin, thanks for responding.

Just unexpected that iCloud would be tied to Sign in with Apple. Clients have iCloud disabled via MDM profile to ensure corporate data doesn't leave the device for areas their corporation doesn't control or have visibility of, but they did not intend to disable Sign in with Apple as well, and they don't see a way to avoid doing so when they disable iCloud.

Is iCloud somehow directly tied to Sign in with Apple? Even with iCloud disabled, these users are able to sign in to their Apple ID, buy apps and subscriptions with that ID, etc.

Accepted Answer

Just unexpected that iCloud would be tied to Sign in with Apple. Clients have iCloud disabled via MDM profile to ensure corporate data doesn't leave the device for areas their corporation doesn't control or have visibility of, but they did not intend to disable Sign in with Apple as well, and they don't see a way to avoid doing so when they disable iCloud.

Do you know what they actually disabled? If you look at the MDM configuration reference, there isn't a single "Disable iCloud" setting. I'm not actually sure exactly how they've configured their profile and what exactly is causing the "block", but this kind of MDM blockage isn't something you can "bypass". That doesn't mean they couldn't come up with a different configuration that would meet their needs without blocking Sign in with Apple.

Even with iCloud disabled, these users are able to sign in to their Apple ID, buy apps and subscriptions with that ID, etc.

History is everything....

If you look back in time, there are actually two different systems at work here:

  1. The "App Store Account" originated with the iTunes Music Store and was specifically "an account you used to buy things".

  2. The "Apple ID" originated as an account ID used to access a collection of different services ("iTools"->".mac"->"MobileMe"->"iCloud"->"Apple ID").

When these services were originally created, and for MANY years afterward, there wasn't really any connection between these two accounts. Speaking for myself, my original Music Store (and App Store) account is/was my "@mac.com" email, but that's simply because that was the email address I was in fact using when I started using the iTunes Music Store. My amazon.com account ends in "@mac.com" for exactly the same reason.

Over time, that division has become a lot less visible, but that's simply because of how usage patterns and account usage have evolved over time, not because they're (necessarily) "the same". For example, if you use the same login in both locations, I don't think it's possible to set a different password for the two systems, but that was done to try and make things less confusing, not because they're INHERENTLY the same. It's possible to have different accounts, in which case they'll have different logins.

__
Kevin Elliott
DTS Engineer, CoreOS/Hardware
