Skip to main content
Version: 2024.3.27

Sign an App Admin Portal

Administrators can use the Admin Portal to sign native iOS and Android apps before distributing them to users. For more information about what signing is and why you need to do it, see About Signing.

iOS apps with watchOS components can't be signed through the Portal; these apps must be signed with the signing package. For more information, see Sign an App (Signing Package) The time required to sign an app varies based on conditions such as network traffic, file size, and server utilization. While signing is in progress, you can click elsewhere in the Admin Portal to perform a different task. If you want to cancel the signing process, click the Cancel button at the top of the page. When signing is complete, the signing status changes from Pending Signing to Signed.

:::

note

When you re-sign an app that was already installed on any of your users' devices, it is important that you sign it with the same signing credentials used to previously sign it.

Before you Begin

Check that you have met all of the requirements in Signing Prerequisites.

Stored or New Credentials

Before you sign an app, you must decide whether to sign with credentials that already exist in Digital.ai App Management (because you saved them previously while signing another app) or with credentials you'll add during the signing process.

tip

When signing an iOS application, you may want to sign with new credentials to take advantage of features that are not available when signing with stored credentials:

  • Correct mismatched bundle IDs and App IDs: If you are signing an app that includes extensions, and not all of the bundle IDs and App IDs match, sign with new credentials so that you can upload the correct provisioning profile for the app and each of its extensions. If you attempt to use stored credentials to sign an app that has extensions, Digital.ai App Management does not know which provisioning profile to use with each extension unless the bundle IDs and App IDs match. When it signs the app, the Admin Portal will automatically modify the bundle ID in the app/extension to match the App ID in the provisioning profile.
  • Compare entitlements in the app/extension with the provisioning profile: It's important to sign with a distribution provisioning profile that has entitlements which match those built into the app. If the app includes extensions, you must sign each extension with a different provisioning profile that has the correct entitlements. When you upload new credentials, Digital.ai App Management compares the app (and any extensions) with each provisioning profile and warns you if the entitlements don't match.

For iOS apps only, the Signing page includes a Current App Signature section that displays information about the provisioning profile(s) with which the app is currently signed.

Back to Top

Sign with Stored Credentials

This method uses signing credentials that you have previously saved while signing other apps in the Admin Portal. For more information, see Store Signing Credentials.

To sign an app with stored credentials

  1. On the Admin Portal nav bar, click Applications.

  2. Find the app you want to sign.

  3. Click Sign under the app's name. The app's Details page opens to the Signing tab.

  4. In the Sign with Stored Credentials section, select the credentials you want to use to sign the app.

  5. In the Password field, enter a password. This field only appears if the certificate file is password-protected and the password is not stored with the credentials.

  6. (Optional) Select the After signing: Enable app checkbox to automatically enable the app after it is signed. For more information, see Disable or Enable an Application.

  7. (Optional) If you select Enable app, then you can also select Notify users about this update to send a push notification to the user's device. This option only works when Push Notification is enabled for the user's App Catalog. For more information, see Push Notification for an App Catalog.

  8. Click Sign. The signing status at the top of the page changes to In Progress.

Back to Top

Sign with New Credentials

This method allows you to provide new credentials during the signing process.

The credentials required during this task depend on whether you're signing an iOS or Android app:

  • iOS: You need to upload one certificate and one or more distribution provisioning profiles. The number of provisioning profiles depends on whether the app includes any extensions.
  • Android: You need to upload only one certificate.

iOS Provisioning Profiles

For iOS apps, the Sign with New Credentials section on the Signing page lists each app and extension on a separate row. If the app includes no extensions, there is only one row. You can click a row to display the following details about each app (or extension) and the provisioning profile, once it has been uploaded:

  • App ID: For the app/extension, this is the bundle ID. For the provisioning profile, this is the App ID associated with the profile. When you upload an explicit provisioning profile that has an App ID that does not match the bundle ID for the app/extension you are signing, Digital.ai App Management will automatically modify the bundle ID in the app to match the App ID in the provisioning profile. For more information, see Manage App Identifiers.
  • Entitlements: Entitlements are permissions, such as Push Notifications or Data Protection, which give an app capabilities beyond what it would ordinarily have. It is important that you sign an app/extension with a provisioning profile that has entitlements that match the entitlements built into the app/extension. For more information on entitlements, see App Extensions and Entitlements.

For more information, see Manage Distribution Provisioning Profiles.

note

Digital.ai App Management allows you to sign using a provisioning profile with entitlements that do not match the entitlements in the app/extension, but users will be unable to install the app. After you upload a provisioning profile, Digital.ai App Management compares the entitlements in the profile will the entitlements in the app/extension and highlights any mismatches.

To sign an app with new credentials

  1. On the Admin Portal nav bar, click Applications.

  2. Find the app you want to sign.

  3. Click Sign under the app's name. The app's Details page opens to the Signing tab.

  4. In the Sign with New Credentials section, in the Key/Certificate P12 File field, click Browse to choose the certificate.

    • It must be in PKCS (Personal Information Exchange File) #12 format and have a .p12 extension. For instructions on importing a Java Keystore to a .p12 file for Android signing, see Import a Java Keystore to a PKCS #12. For instructions on creating a distribution certificate for iOS signing, see Manage Distribution Certificates.
      • When you upload the certificate, the expiration date appears. If the certificate has already expired, obtain your organization's current certificate and upload it.
  5. Depending on whether a checkmark appears by the Password field, do the following:

    a. If a checkmark appears by the blank Password field, it means the certificate does not require a password. Continue with step 6 for iOS apps; continue with step 7 for Android apps.

    b. If a checkmark does not appear by the Password field, enter a password.

    • c. For iOS certificates, this is a password that was defined for the distribution certificate when it was exported from the Login Keychain to a .p12 file.
    • d. For Android certificates, this is a password that was created when the Java Keystore was imported to a .p12 file
  6. (iOS only) In each row, click Browse to select the appropriate provisioning profile. The profile must have a .mobileprovision extension.

  7. (Optional) If you want to store the credentials for future use, see Store Signing Credentials.

  8. If you don't want to store the credentials, click Sign.

  9. In the dialog box that appears:

    a. (Optional) Select the After signing: Enable app checkbox to automatically enable the app after it is signed. For more information, see Disable or Enable an Application.

    b. (Optional) If you select Enable app, then you can also select Notify users about this update to send a push notification to the user's device. This option only works when Push Notification is enabled for the user's App Catalog. For more information, see Push Notification for an App Catalog.

  10. Click Sign. The signing status at the top of the page changes to In Progress.

Back to Top