Signing apps externally

Enforce and Enterprise (hosted) users must sign secured apps externally; Enterprise (on-premises) users may choose to do so. This page outlines the paths and provides links to further details.

Pre-signing setup

In the policy console, choose or define signing profiles. See Using and configuring signing profiles.

On a macOS server external to the console, set up the signing environment. See Signing apps externally on MacOS.

  • To sign iOS apps on a machine running macOS 10.12+, you need:
    • Xcode 8.3.2+
    • Your code signing identity
  • To sign Android apps on a machine running macOS 10.12+, you need:

Blue Cedar supports macOS signing, but you can follow this process to sign Android apps on a Windows server: Signing Android apps on Windows. Install these packages:

Signing process

Once you are set up to sign as described above, follow this process:

Enterprise on-premises: On the App details page, under App Signing > Signing, select Sign Externally.

Enterprise and Enforce: Select a signing profile. You must select a signing profile to apply the security policies. See Using and configuring signing profiles for details.

Note: Signing profiles cannot be added to master profiles.

Click Apply Policies. The policy console injects your app with the policies you chose.

Click Export for Signing to download the secured app from the console.

Unzip and sign the app.