IBM MaaS360

We ran into an issue that we can not sign in with the apple ID on DEP enrolled devices if in the policy app restrictions are configured.

Searching the web we found many instances of this issue and as the solution it states to add com.apple.CoreCDPUI.localSecretPrompt as allowed app.

Sources: If users can't sign in to iCloud or Google on a managed iOS device - Apple Support

The problem though is that the App ID will not pull up, so it can not be added to the whitelist.

Does anyone have an idea if there is a newer or different App ID that needs to be added?

This is not something that is expected to be blocked by App Compliance. You might want to look into the "Allow Account Modification" setting, as it could be the source of the issue. If you have certainly tied the problem to App Compliance, I would recommend opening a case with MaaS360 support, so they can resolve it.

We ran into an issue that we can not sign in with the apple ID on DEP enrolled devices if in the policy app restrictions are configured.

Searching the web we found many instances of this issue and as the solution it states to add com.apple.CoreCDPUI.localSecretPrompt as allowed app.

Sources: If users can't sign in to iCloud or Google on a managed iOS device - Apple Support

The problem though is that the App ID will not pull up, so it can not be added to the whitelist.

Does anyone have an idea if there is a newer or different App ID that needs to be added?

Thank you for your reply Dustin.

I have removed all Restrictions and had the same behavior. Only once I remove the app restrictions it was working perfectly again.

I opened a ticket with IBM, but as of late their responses get slower and slower. I found other posts with the same issue and the same resolution:

https://www.amobileattempt.com/2020/01/white-listing-apps-on-ios-and-still.html

https://support.addigy.com/hc/en-us/articles/24324484785043-FAQ-My-users-can-t-sign-into-iCloud-or-Google-accounts-on-their-iOS-iPadOS-device-after-implementing-an-App-Allow-List

The issue is that I can not add that Apple Bundle ID into the whitelisted app restricted section as it says "no matching apps found"

This is not something that is expected to be blocked by App Compliance. You might want to look into the "Allow Account Modification" setting, as it could be the source of the issue. If you have certainly tied the problem to App Compliance, I would recommend opening a case with MaaS360 support, so they can resolve it.

We ran into an issue that we can not sign in with the apple ID on DEP enrolled devices if in the policy app restrictions are configured.

Searching the web we found many instances of this issue and as the solution it states to add com.apple.CoreCDPUI.localSecretPrompt as allowed app.

Sources: If users can't sign in to iCloud or Google on a managed iOS device - Apple Support

The problem though is that the App ID will not pull up, so it can not be added to the whitelist.

Does anyone have an idea if there is a newer or different App ID that needs to be added?

We were able to get the issue resolved.

In the policy under Supervised Settings - Application Compliance two AppID's need to be added:

com.apple.preferences
com.apple.CoreCDPUI.localSecretPrompt

Make sure to add a comma after the last AppID, otherwise it will not be saved.

Thank you for your reply Dustin.

I have removed all Restrictions and had the same behavior. Only once I remove the app restrictions it was working perfectly again.

I opened a ticket with IBM, but as of late their responses get slower and slower. I found other posts with the same issue and the same resolution:

https://www.amobileattempt.com/2020/01/white-listing-apps-on-ios-and-still.html

https://support.addigy.com/hc/en-us/articles/24324484785043-FAQ-My-users-can-t-sign-into-iCloud-or-Google-accounts-on-their-iOS-iPadOS-device-after-implementing-an-App-Allow-List

The issue is that I can not add that Apple Bundle ID into the whitelisted app restricted section as it says "no matching apps found"

This is not something that is expected to be blocked by App Compliance. You might want to look into the "Allow Account Modification" setting, as it could be the source of the issue. If you have certainly tied the problem to App Compliance, I would recommend opening a case with MaaS360 support, so they can resolve it.

We ran into an issue that we can not sign in with the apple ID on DEP enrolled devices if in the policy app restrictions are configured.

Searching the web we found many instances of this issue and as the solution it states to add com.apple.CoreCDPUI.localSecretPrompt as allowed app.

Sources: If users can't sign in to iCloud or Google on a managed iOS device - Apple Support

The problem though is that the App ID will not pull up, so it can not be added to the whitelist.

Does anyone have an idea if there is a newer or different App ID that needs to be added?

I'm dealing with this exact issue, so thank you for taking the time to follow up with a solution. 

I'm not able to add these ID's because I don't have the option 'Application compliance' under 'supervised settings'. (screenshot). 
I'm top level admin.



What could be causing this?

We were able to get the issue resolved.

In the policy under Supervised Settings - Application Compliance two AppID's need to be added:

com.apple.preferences
com.apple.CoreCDPUI.localSecretPrompt

Make sure to add a comma after the last AppID, otherwise it will not be saved.

Thank you for your reply Dustin.

I have removed all Restrictions and had the same behavior. Only once I remove the app restrictions it was working perfectly again.

I opened a ticket with IBM, but as of late their responses get slower and slower. I found other posts with the same issue and the same resolution:

https://www.amobileattempt.com/2020/01/white-listing-apps-on-ios-and-still.html

https://support.addigy.com/hc/en-us/articles/24324484785043-FAQ-My-users-can-t-sign-into-iCloud-or-Google-accounts-on-their-iOS-iPadOS-device-after-implementing-an-App-Allow-List

The issue is that I can not add that Apple Bundle ID into the whitelisted app restricted section as it says "no matching apps found"

This is not something that is expected to be blocked by App Compliance. You might want to look into the "Allow Account Modification" setting, as it could be the source of the issue. If you have certainly tied the problem to App Compliance, I would recommend opening a case with MaaS360 support, so they can resolve it.

We ran into an issue that we can not sign in with the apple ID on DEP enrolled devices if in the policy app restrictions are configured.

Searching the web we found many instances of this issue and as the solution it states to add com.apple.CoreCDPUI.localSecretPrompt as allowed app.

Sources: If users can't sign in to iCloud or Google on a managed iOS device - Apple Support

The problem though is that the App ID will not pull up, so it can not be added to the whitelist.

Does anyone have an idea if there is a newer or different App ID that needs to be added?

We were able to get the issue resolved.

In the policy under Supervised Settings - Application Compliance two AppID's need to be added:

com.apple.preferences
com.apple.CoreCDPUI.localSecretPrompt

Make sure to add a comma after the last AppID, otherwise it will not be saved.

Thank you for your reply Dustin.

I have removed all Restrictions and had the same behavior. Only once I remove the app restrictions it was working perfectly again.

I opened a ticket with IBM, but as of late their responses get slower and slower. I found other posts with the same issue and the same resolution:

https://www.amobileattempt.com/2020/01/white-listing-apps-on-ios-and-still.html

https://support.addigy.com/hc/en-us/articles/24324484785043-FAQ-My-users-can-t-sign-into-iCloud-or-Google-accounts-on-their-iOS-iPadOS-device-after-implementing-an-App-Allow-List

The issue is that I can not add that Apple Bundle ID into the whitelisted app restricted section as it says "no matching apps found"

This is not something that is expected to be blocked by App Compliance. You might want to look into the "Allow Account Modification" setting, as it could be the source of the issue. If you have certainly tied the problem to App Compliance, I would recommend opening a case with MaaS360 support, so they can resolve it.

We ran into an issue that we can not sign in with the apple ID on DEP enrolled devices if in the policy app restrictions are configured.

Searching the web we found many instances of this issue and as the solution it states to add com.apple.CoreCDPUI.localSecretPrompt as allowed app.

Sources: If users can't sign in to iCloud or Google on a managed iOS device - Apple Support

The problem though is that the App ID will not pull up, so it can not be added to the whitelist.

Does anyone have an idea if there is a newer or different App ID that needs to be added?

I have the exact same problem, so thank you for posting your answer here.

Under the ios policy settings -> 'supervised setting' I don't have an option 'Application Compliance'. I only have 'DNS proxy' and 'Bluetooth'.
I'm top level admin, so what could be causing this?

I do have 'Application Compliance' under 'Device settings', but these fields only allow for actual apps to be selected.

We were able to get the issue resolved.

In the policy under Supervised Settings - Application Compliance two AppID's need to be added:

com.apple.preferences
com.apple.CoreCDPUI.localSecretPrompt

Make sure to add a comma after the last AppID, otherwise it will not be saved.

Thank you for your reply Dustin.

I have removed all Restrictions and had the same behavior. Only once I remove the app restrictions it was working perfectly again.

I opened a ticket with IBM, but as of late their responses get slower and slower. I found other posts with the same issue and the same resolution:

https://www.amobileattempt.com/2020/01/white-listing-apps-on-ios-and-still.html

https://support.addigy.com/hc/en-us/articles/24324484785043-FAQ-My-users-can-t-sign-into-iCloud-or-Google-accounts-on-their-iOS-iPadOS-device-after-implementing-an-App-Allow-List

The issue is that I can not add that Apple Bundle ID into the whitelisted app restricted section as it says "no matching apps found"

This is not something that is expected to be blocked by App Compliance. You might want to look into the "Allow Account Modification" setting, as it could be the source of the issue. If you have certainly tied the problem to App Compliance, I would recommend opening a case with MaaS360 support, so they can resolve it.

We ran into an issue that we can not sign in with the apple ID on DEP enrolled devices if in the policy app restrictions are configured.

Searching the web we found many instances of this issue and as the solution it states to add com.apple.CoreCDPUI.localSecretPrompt as allowed app.

Sources: If users can't sign in to iCloud or Google on a managed iOS device - Apple Support

The problem though is that the App ID will not pull up, so it can not be added to the whitelist.

Does anyone have an idea if there is a newer or different App ID that needs to be added?

Hello Beat,

Thank you for responding. 
Yes the device is DEP enrolled, Token is submitted.

I submitted a ticket and they provided a solution.
I'll post it below for someone who might have a similar problem.

Go to SETUP > Settings > Directory and Enrollment > Advanced Enrollment Settings > Advanced Management for Apple Devices - check the box for Setup Supervised devices using Apple Configurator. This would not force usage of Apple Configurator in any way, I understand just checking the box and pressing Save may allow you to see the other settings.

And indeed after checking the box the policy pages where visible.

------------------------------
Toine
------------------------------