apple-device-management-mdm/declarative/declarations/configurations/security.identity.yaml

title: Security:Identity
description: Use this configuration to install an identity on the device.
payload:
  declarationtype: com.apple.configuration.security.identity
  supportedOS:
    iOS:
      introduced: '17.0'
      allowed-enrollments:
      - device
      - user
      - local
      allowed-scopes:
      - system
      sharedipad:
        allowed-scopes:
        - system
        - user
    macOS:
      introduced: '14.0'
      allowed-enrollments:
      - device
      - user
      - local
      allowed-scopes:
      - system
      - user
    tvOS:
      introduced: '17.0'
      allowed-enrollments:
      - device
      - local
      allowed-scopes:
      - system
    watchOS:
      introduced: '10.0'
      allowed-enrollments:
      - device
      - local
      allowed-scopes:
      - system
payloadkeys:
- key: CredentialAssetReference
  title: Credential asset reference
  type: <string>
  assettypes:
  - com.apple.asset.credential.identity
  - com.apple.asset.credential.scep
  - com.apple.asset.credential.acme
  presence: required
  content: Specifies the identifier of an asset declaration that contains the identity
    to install.
- key: AllowAllAppsAccess
  title: Allow all apps access
  supportedOS:
    iOS:
      introduced: n/a
    tvOS:
      introduced: n/a
  type: <boolean>
  presence: optional
  default: false
  content: If 'true', apps can access the private key.
- key: KeyIsExtractable
  title: Key is extractable
  supportedOS:
    iOS:
      introduced: n/a
    tvOS:
      introduced: n/a
  type: <boolean>
  presence: optional
  default: true
  content: If 'true', the private key is extractable in the keychain.