Category filter
Configuration profile for Associated Domains settings for macOS devices
This document explains how to use a configuration profile for Associated Domains settings on macOS devices.
Associated domains establish a secure connection between an application and a website, enabling features like shared credentials or seamless integration between the app and the website. Organizations aiming to launch application versions of their websites can establish a connection between their apps and websites using associated domains. This allows their apps to access features such as Extensible App Single Sign-On, shared web credentials, Handoff, App Clips, and universal links. On macOS devices, associated domains between an application and a website can also be established using a custom configuration profile, as explained in the following document. Hexnode’s Deploy Custom Configuration feature helps IT admins install configuration profiles on macOS devices enrolled in Hexnode UEM.
The configuration profile provided below is adapted from a third-party open-source site.
The following configuration profile only works for devices running macOS 10.15 and above.
Set Associated Domains
The following sample configuration profile can be used to set associated domains on macOS devices. This profile will help applications access services such as shared web credentials, Universal Links, Handoff, and App Clips from a specific domain. The configuration profile uses the com.apple.associated-domains payload to configure associated domains. The applications are identified by their app identifier in the ApplicationIdentifier field, and the website domains are specified in the AssociatedDomains field.
Ensure that you have an apple-app-site-association (AASA) file on your website and the appropriate entitlement in your application. An associated domain matches the associated domains entitlement in your app with the apple-app-site-association file on your website.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>Configuration</key> <array> <dict> <key>ApplicationIdentifier</key> <string> “Provide your Application Identifier” </string> <key>AssociatedDomains</key> <array> <string>Specify the service and the websites domain</string> </array> <key>EnableDirectDownloads</key> <true/> </dict> </array> <key>PayloadDisplayName</key> <string>Associated Domains #1</string> <key>PayloadIdentifier</key> <string>com.apple.associated-domains.E86728C2-8A2F-41BA-BEE6-62BAC374B6AF</string> <key>PayloadType</key> <string>com.apple.associated-domains</string> <key>PayloadUUID</key> <string>E86728C2-8A2F-41BA-BEE6-62BAC374B6AF</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDisplayName</key> <string>Associated Domains</string> <key>PayloadIdentifier</key> <string>MacBook-Air-3.D0473C2D-D156-4BBC-913A-26C0D21293B8</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>D0473C2D-D156-4BBC-913A-26C0D21293B8</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> |
Before deploying the configuration profile make sure to do the following changes:
- Enter the Application Identifier of your application in place of “Provide your Application Identifier” in the profile.
- Enter the domain name with a fully qualified hostname in place of “specify the service and the websites domain” in the profile.
The above configuration profile uses the following keys to set associated domains:
- Configuration (Required)
This key defines the dictionary of keys used to specify the associated domains.
- ApplicationIdentifier (Required)
This key defines the app identifier for the application to be linked to a website.
- AssociatedDomains (Required)
This key can be used to define the domains of your website. While defining a domain, use fully qualified hostnames, for example, “www.itletters24.com”. This key can also be used to define domains for specific services such as shared web credentials, Universal Links, Handoff, and App Clips. They should be specified in the form of “service:www.itletters24.com”. The following table describes the types of supported associated domain services and their purposes:
Service Purpose webcredentials Shared web credentials applinks Universal links activitycontinuation Handoff appclips App Clips - EnableDirectDownloads
On devices running macOS 11 and later, applications request AASA (apple-app-site-association) files from an Apple-managed CDN (content delivery network) to associate a domain. These files contain the data required for associating the domains. When this key is set to true, the application downloads the data directly from the website’s server instead of from a CDN.
- To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
- Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
- Ensure that you do not associate conflicting configurations with the devices.
- It is recommended to manually validate the configuration profile on a system before executing it in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.
What happens on the device end?
After successfully installing the profile on a macOS device, the device identifies the application and website using the values provided in the profile and configures an associated domain. For example, the image below illustrates the successful profile installation, associating the domain between the application ‘itletters24‘ and the website ‘www.itletters24.com‘.
