Hi,
It may be a stupid question, but we really wonder if there is a way for MDM to push a unique mTLS cert to our iOS application, or if it can populate a client certificate in iOS where our application can access it. Like a browser app, how do browser mTLS certs get pushed?
Thanks,
Ying
Since you mention mTLS, I think you're referring to an identity (certificate plus matching private key). MDM does not have a way to provide MDM-provisioned identities to managed apps.
There's managed app config for providing arbitrary app-defined configurations to managed apps, however that's not appropriate for sensitive data like private keys. To use that you would need to somehow turn that into a secure communication channel.
"how do browser mTLS certs get pushed?"
Installing an identity via configuration profile or MDM installs it into a keychain access group which Safari and various system processes can access. Some other browsers have their own mechanisms for obtaining identities.
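As an added illustration of the two points in the reply (managed app config is the only MDM-to-app channel and carries no secrets; the app must own its own identity), here is example Swift code that is not from the original thread. It assumes an app-defined managed-config parameter named `enrollmentURL` and a hypothetical key tag; the CSR/enrollment exchange that turns the app's key into an identity is left out.

```swift
import Foundation
import Security

// Managed app configuration: MDM-delivered, app-defined, NOT for secrets.
// "com.apple.configuration.managed" is the standard managed-config key;
// "enrollmentURL" is an assumed app-defined parameter name for illustration.
func managedEnrollmentURL() -> URL? {
    guard let config = UserDefaults.standard.dictionary(forKey: "com.apple.configuration.managed"),
          let raw = config["enrollmentURL"] as? String,
          let url = URL(string: raw), url.scheme == "https" else {
        return nil
    }
    return url
}

// Hypothetical tag naming the app's own client key.
let keyTag = "com.example.app.mtls-client-key".data(using: .utf8)!

// Create a non-exportable EC P-256 private key in the Secure Enclave. The app,
// not MDM, owns this key; the identity is obtained by sending a CSR for its
// public key to the enrollment endpoint (outside this snippet).
func makeClientPrivateKey() throws -> SecKey {
    var err: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            .privateKeyUsage, &err) else { throw err!.takeRetainedValue() }
    let attrs: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: keyTag,
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attrs as CFDictionary, &err) else {
        throw err!.takeRetainedValue()
    }
    return key
}

// Look up the client identity once the app has stored the issued certificate
// next to its key. Identities installed by MDM or a configuration profile live
// in a keychain access group this app cannot read, so only its own identity matches.
func loadClientIdentity() -> SecIdentity? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecAttrApplicationTag as String: keyTag,
        kSecReturnRef as String: true,
    ]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess else { return nil }
    return (item as! SecIdentity)
}
```

Pass the `SecIdentity` to `URLCredential(identity:certificates:persistence:)` in the `URLSession` client-certificate challenge handler to complete the mTLS handshake.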