The big news from Apple last week was, of course, the arrival of the new iPhone 5s and iPhone 5c. But Apple executives also recapped iOS 7, the next version of Apple's mobile OS for iPhones, iPads and the iPod touch.
iOS 7 rolls out on Wednesday, two days before the new phones will be available. And while it has a slew of new features users will like, the updated OS also offers important advances for enterprise users.
iOS 6 already has a number of key enterprise features: mobile management support, the ability to query devices for data like information on installed apps, and a remote wipe option if an iPhone or iPad is lost or stolen. But Apple has until now largely avoided linking iOS devices to enterprise identity systems.
Yes, there's been support for Exchange and ActiveSync since the release of the iPhone 3G five years ago. And most mobile management tools can pull data from enterprise identity systems like Active Directory to determine what policies are enforced or preconfigured on a given user's iPhone or iPad. But that's nowhere near the authentication, authorization, and single sign-on options that Windows PCs (and even modern Macs) deliver.
With iOS 7, that changes in some significant ways. Most importantly, iOS now supports enterprise single sign-on. This is a game-changer because it means that once a user's identity is verified and trusted, enterprise apps or commercial apps that access enterprise data or services won't require users to repeatedly authenticate with their Active Directory or enterprise credentials. Better yet, Apple is making it relatively easy for developers to implement its single sign-on model.
Apple's single sign-on model is itself interesting and somewhat novel. Rather than replicate what's done on the desktop, as many vendors of mobile management systems that support containerization and/or app-wrapping have done, Apple took inspiration from the existing iOS account management architecture.
In early iOS releases, user accounts were pretty much restricted to email services, Exchange and MobileMe (iCloud's predecessor). Even Exchange support had limitations and supported just a handful of sync options: mail, contacts and calendar data. As Apple built in explicit support for other common services like Gmail, AOL and Hotmail, it also added new sync options appropriate to each service. Gmail, for instance, sports an option to sync calendars and notes.
Support for Twitter and Facebook accounts arrived with iOS 6, and now iOS 7 builds on that with support for LinkedIn. Of course, these accounts are treated differently by iOS than what are essentially mail and related services. Integrating them into the operating system was less about easy setup or syncing personal information than it was about credential-sharing. With iOS 7, users can simply enter credentials that allow iOS itself, the official Twitter and Facebook apps, and any app with an appropriately coded share sheet to access their accounts without requiring another round of authentication.
As a result, you can post a photo to Facebook directly from the Photos app (or any number of third-party apps) or you can tweet from inside Safari and include a link to the page you're reading. You can even post something without opening any app as long as you include these accounts in the iOS Notification Center. Perhaps most important, you can manage what apps have access to your accounts just as you manage which ones can access your location or your photo library. These restrictions are set under Settings > Privacy.