A configuration profile is an XML file that allows you to distribute configuration information to iOS–based devices. If you need to configure a large number of devices or to provide lots of custom email settings, network settings, or certificates to a large number of devices, configuration profiles are an easy way to do it.
An iOS configuration profile contains a number of settingsthat you can specify, including:
* Passcode policies
* Restrictions on device features (disabling the camera, for example)
* Wi-Fi settings
* VPN settings
* Email server settings
* Exchange settings
* LDAP directory service settings
* CalDAV calendar service settings
* Web clips
* Credentials and keys
* Advanced cellular network settings
Configurationprofiles are in property list format, with data values stored in Base64 encoding. The .plist format can be read and written by any XML library.
There are four ways to deploy configuration profiles:
* By physically connecting the device as described in iPhone Configuration Utility
* In an email message
* On a webpage
* Using over-the air configuration as described in Over-the-AirProfile Delivery and Configuration
iOS also supports using encryption to protect the contents of profiles and guarantee data integrity. To learn about encrypted profile delivery, read iPhone Configuration Utility or Over-the-Air Profile Delivery and Configuration.
This document describes the keys in an iOS configuration profile and provides examples of the resulting XML payloads.
Note: Beforeyou get started working with configuration profiles, you should create a skeleton configuration profile using iPhone Configuration Utility (iPCU). This provides a useful starting point that you can then modify as desired.
Configuration Profile Keys
At the top level, a profile property list contains the following keys:
Key | Type | Content |HasRemovalPasscode | Bool | Optional. Set to true if there is a removal passcode. |
IsEncrypted | Bool | Optional. Set to true if the profile is encrypted. |
IsManaged | Bool | Optional. Set to true if this profile was installed by the current MDM service. |
PayloadContent | Array | Optional. Array of payload dictionaries. Not present if IsEncrypted is true. |
PayloadDescription | String |Optional. A description of the profile, shown on the Detail screen for the profile. This should be descriptive enough to help the user decide whether to install the profile. |
PayloadDisplayName | String | Optional. A human-readable name for the profile. This value is displayed on the Detail screen. It does not have to be unique. |
PayloadIdentifier | String | A reverse-DNS style identifier(com.example.myprofile, for example) that identifies the profile. This string is used to determine whether a new profile should replace an existing one or should be added. |
PayloadOrganization | String | Optional. A human-readable string containing the name of the organization that provided the profile. |
PayloadUUID | String | A globally unique identifier for the profile. The actual content isunimportant, but it must be globally unique. In Mac OS X, you can useuuidgen(1) to generate reasonable UUIDs. |
PayloadRemovalDisallowed | Bool | Optional. If present and set to true, the user cannot delete the profile (unless the profile has a removal password and the user provides it).If locked in this way, the profile can be replaced by a new version only if the profile identifier matches andthe profile is signed by the same authority. |
PayloadType | String | Currently, the only supported value is Configuration. |
PayloadVersion | Number | The version number of the profile format. This describes the version of the configuration profile as a whole, not of the individual profiles within it.Currently, this value should always be 1. |
SignerCertificates | Array | Optional. An...