Signing apps with the policy console

On-premises Enterprise deployments only.


Securing an app (injecting security policies) and signing an app (certifying the app was created by you) are two separate tasks. However, to secure an app with security policies, you need to specify signing options.

To code-sign apps with the console:

  • Configure the app signing server. (See iOS app-signing server setup.)
  • Specify Sign on Console.
  • Use a signing profile to specify app-signing parameters.

Unlike a policy profile, which is a collection of settings that can be applied with a policy to inject an app with security, a signing profile is a collection of code signing parameters. Because code signing is platform-specific, each signing profile is unique to Android or iOS.

Signing options

Under App Signing > Signing, select the code signing type.

  • Sign on Console.

    Note for iOS: This option requires you to configure the signing server. See Configuring the signing server.
  • Sign Externally. See Export for external code signing
  • Skip Code Signing: No other configuration. Use this option to sign all apps yourself instead of having the policy console sign the apps.

Select a signing profile. You must select a signing profile or choose Skip Code Signing to apply the security policies. See Using and configuring signing profiles for details.

  • If you chose Sign on Console or Sign Externally, select a signing profile. Click the settings gear to create a new signing profile or edit an existing signing profile, and return to the App details page. 
  • If you chose Skip Code Signing, you cannot choose a signing profile. You need to sign the secured app yourself.

    Signing profiles cannot be added to master profiles.

Click Apply policies. The policy console injects your app with the policies you chose.

Click Download App (or Export for Signing). Your browser downloads the protected app, which you can import to the app store or MDM (after signing, if you didn't Sign on Console).

Setting the default signing type

To set the default signing type:

In the Policy Console, click Settings.

Click Android or iOS.

Under Code Signing Type, select the type of code signing.

Click Apply.

You can override this default setting and select the signing profile on the App details page when applying policies.


On this page