Guide for Enterprise Deployment on iOS
Guide for Enterprise Deployment on iOS

Resigning Resco Mobile CRM for Enterprise Deployment

Introduction

This document explains the process required for distribution of Resco Mobile CRM application on iOS devices – within the enterprise, without using Apple App Store. This is essential, if you are going to:

  • Use an MDM solution to distribute the app
  • Wrap the app for an MDM solution (and then distribute it as above)
  • Distribute a custom build branded application

This document doesn’t explain the distribution process itself, but rather the steps required before the actual distribution and deployment takes place.

Due to limitations imposed by Apple, it is not possible to distribute and install just any app onto the mobile device. Typically, the app is installed via App Store, where Apple approves it beforehand. If you want to distribute the app within your enterprise without App Store and without Apple’s approval, the process gets a bit more complex.

Generally the app will need to be signed with a special certificate – Enterprise Deployment certificate, which allows the app to run without installation through the App Store. Since Resco has built the application for distribution through the store, you will need to resign the app with the Enterprise certificate in order to distribute it. The details are described on the following pages.

 

Prerequisites

In order to be able to deploy the Mobile CRM application within your enterprise environment, you will need:

  1. Resco Mobile CRM .ipa file (provided by Resco)
  2. Mac (Apple doesn’t allow this process to happen on other than their hardware)
  3. Apple Developer Account (create one for a developer for $99/year) – https://developer.apple.com/support/compare-memberships/
  4. Xcode installed on the Mac (this should be available with the Developer account)
  5. Apple Developer Enterprise program (enroll for $299/year) – https://developer.apple.com/programs/enterprise/

During the testing stage, you can use the Developer Account without enterprise enrollment. Such an account can be used with up to 100 devices that have to be specified before the application is resigned.

 

Creating the provisioning profile – App ID

First of all, you have to register new App ID in your iOS Developer portal. iOS Developer portal is used for generating all the profiles and certificates, registering your app and more. It can be found here – https://developer.apple.com/

As a first step, you will need to create new App ID, which will identify your app. (For detailed help see https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/MaintainingProfiles/MaintainingProfiles.html)
To do that:

  1. Go to Member Center, select Certificates, Identifiers & Profiles
  2. Select Identifiers, then App IDs
  3. Click on ‘+’ to add a new App ID

Choose the „Explicit App ID“ and type the unique bundle ID (let’s say com.yourcompany.mobilecrm) – see Fig. 1.

001

Fig.1 – Registering an App ID

Since there can be only one unique App ID in the universe and ‘net.resco.mobilecrm’ is already taken, we strongly suggest using ‘com.yourcompany.mobilecrm’ as the App ID. This will be used later in the process to identify your app. It will be used for granting the installation rights to the app with this bundle ID only.

Creating the provisioning profile – Provisioning Profile

After that you can create the provisioning profile. (iOS uses Provisioning Profile to verify that the app being installed is from the right developer
and its content is unchanged.)

  1. On the same page (Certificates, Identifiers & Profile)
  2. Select Distribution under Provisioning Profiles on the left
  3. Click ‘+’ to add new

Choose „In-House“ distribution and specify the App ID you just created and your company certificate. The in-house distribution option will not be available if you haven’t enrolled in Apple Developer Enterprise program (see prerequisites).

002

Fig. 2 – Creating the Provisioning Profile

Finally, download the newly created provisioning profile (.mobileprovision file).

During the testing stage (or if you don’t have the enterprise enrollment), you can use „Ad-Hoc“ provisioning profile. In this case, you will have to specify the list of devices on which the application will be entitled to work. Each time you will update this list, you will need to re-download the provisioning profile and resign the application once more to apply the changes.

Resigning IPA

Since the standard Resco application – the one Resco provides to you – is signed for distribution via App Store, you will need to re-sign the app. This will remove the information which allows the app to install and run only from the store and will add the info that you have enrolled in the Enterprise program and the app can be distributed this way.

Here is what you have to do:

  1. Download the iReSign application from https://www.resco.net/downloads/iReSign.app.zip
  2. Unpack it and run iReSign.app included in the ZIP package (see Fig. 3)
  3. Browse the MobileCRM.ipa file as the app package
  4. Browse provisioning profile file that you have previously created and downloaded
  5. You can leave entitlements section blank
  6. Check the box „Change ID“ and type the bundle ID which you have specified during the App ID creation
  7. Choose your company distribution certificate (if you don’t have it see Common Problems) and press „ReSign!“ button.

Resulting IPA should be suitable for your company deployment. The file can be then distributed using the tool of your choice.

003

Fig. 3 – iReSign

Common Problems

I am missing the distribution certificate in iReSign app.

To obtain it, follow these steps.

  • Open the „Keychain Access“ application
  • Choose „login“ keychain and „My Certificates“ category
  • The „iPhone Distribution: Your Company“ certificate item should be listed under this category
  • Make sure that it has the private key included (it should be possible to expand the certificate, and the private key item should be included as its child)

If you are missing the certificate, please open the Xcode/Preferences/Accounts and log in with your company admin/agent credentials. Make sure that you have the iOS Distribution channel created.
If you have the certificate in the Keychain and it misses the private key, go to the Xcode/Preferences/Accounts, open the Details of your account and press the „Reset“ button next to the iOS Distribution item. This action will create the new private key for your distribution channel, and any previous keys will be discarded (!!!). This might result in invalidity of other apps signed with this certificate.

I am missing the private key for distribution certificate, but I have it on another Mac.

In this case, you have to export whole Xcode account from Xcode/Preferences/Accounts and import it on another Mac.
Alternatively, you can export the distribution certificate from „Keychain Access“ (export it as .p12 file, otherwise the private key is not included) and import it on another Mac (just click on it and pass the Keychain wizard).

 

Known Issues

Changing the bundle ID blocks several features of the MobileCRM application:

  • CamCard support does not work on v8.2.x and earlier builds.

 

If Everything Fails

The subject is too complex to cover here each and every problem you may encounter. However, the chances are good that somebody has the answer you seek and published the solution on the web. Consider searching Google, asking on http://www.stackoverflow.com or at the Apple Developer Forum – just to mention obvious choices.