Provisioning with capabilities

Managed capabilities can now be enabled directly in Xcode 15 or later. These capabilities may have one or more entitlements and are now available in the Signing & Capabilities tab in Xcode. Once enabled, new provisioning profiles for that App ID will automatically include the associated entitlements.

Keep in mind that:

  1. This new workflow supports automatic signing and Xcode Cloud workflows by default for features such as CarPlay and multicast networking.

  2. Managed capabilities require approval from Apple to use. Once approved, capabilities can be added to your Xcode targets by program members with access to Certificates, Identifiers & Profiles.

  3. Occasionally, entitlements may only be assigned for a subset of distribution options such as development or ad-hoc. You can verify this by visiting the “Edit your App ID configuration” section in Certificates, Identifiers & Profiles.

  4. Many capabilities and entitlements require an explicit App ID and aren’t eligible for App Clips.

  5. While you can enable all managed capabilities in Xcode, you’ll be prompted to manually update your entitlements file with the correct values for some managed capabilities.

During your next continuous integration test, Xcode Cloud will see the latest configuration of your App ID and include enabled additional capabilities in the provisioning profile automatically. This enables automatic signing for features like CarPlay and Multicast Networking.

Provisioning in Xcode 15 or later with capabilities

In Xcode 15 and later, once the capability is assigned for your App ID, you can configure Xcode to support automatic signing.

  1. In Xcode 15 or later, click the Signing & Capabilities tab.

  2. Enable Xcode automatic signing in your Xcode target.

  3. Click the Capability tab, then double-click the managed capabilities you want to enable for your App ID. Xcode automatically includes the enabled entitlement key and value pair in your app’s entitlements file. Xcode also automatically creates new provisioning profiles with the new entitlements.

  4. Build your app on your device.

Creating a provisioning profile with managed capabilities - Xcode Manual Provisioning

Managed capabilities function just like public capabilities enabled in Certificates, Identifiers & Profiles. Once you’ve updated your App ID configuration with managed capabilities, eligible provisioning profiles automatically include the entitlements. You don’t need to select a group of entitlements in a menu during provisioning profile creation. Note that you may still have the option to select a group of entitlements during profile creation if you were assigned managed capabilities in the past.

  1. In Certificates, Identifiers & Profiles, click Profiles in the sidebar, then click the add button (+) on the top left.

  2. Select the type of profile you need to generate, then click Continue.

  3. Select a profile type, choose the App ID for the project that needs the managed entitlements, then click Continue.

  4. Select a certificate that’s present on your build machine, then click Continue.

  5. Select the devices you’d like to include in this profile, then click Continue.

  6. Before naming the provisioning profile, you may be prompted to choose from managed entitlements. You can skip this step if you already enabled the required features when editing your App ID.

  7. Confirm that you’ve selected the correct template, then click Continue.

  8. Name your provisioning profile, then click Generate.

Verifying managed capabilities are included in a provisioning profile - Xcode Manual Provisioning

Once you’ve updated your App ID configuration and created a provisioning profile, the new capabilities are automatically included.

  1. In Certificates, Identifiers & Profiles, click Profiles in the sidebar.

  2. Select the provisioning profile associated with the app that has the enabled managed capabilities.

  3. If the provisioning profile is invalid, click Edit and save any changes to update the configuration.

  4. View the Enabled Capabilities section to verify that the managed capabilities were enabled for the App ID. You can also view the provisioning profile in Xcode by using the provisioning profile quicklook feature or in terminal with command security cms -D -i <file path to provisioning profile>.

Migrating additional entitlements to capabilities

Additional entitlements are displayed during provisioning profile creation on the developer website. Each time you create a profile, you need to select the additional entitlements from the list assigned. You may need these re-assigned as capabilities that can be enabled for your App ID. Having the feature enabled on an App ID supports provisioning and signing apps with cloud-managed certificates, such as Xcode Cloud. Confirm if any additional entitlements need migration by visiting Certificates, Identifiers & Profiles, selecting an App ID, and clicking the Additional Capabilities tab.

Request additional entitlement migration if any previously assigned entitlements are not visible.

Required role: Account Holder