The declaration to configure the device to allow WebAuthn enterprise attestation for certain passkeys.
| Setting | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|
Attestation identity asset reference. AttestationIdentityAssetReference The identifier of an asset declaration that contains the identity to install and use for passkey attestation. | string | required | — | ✓Yes | iOS (17.0+)macOS (14.0+) |
Attestation identity key is extractable AttestationIdentityKeyIsExtractable If `true`, the private key for the attestation identity is extractable in the keychain. | boolean | optional | true | ✗No | |
Relying parties RelyingParties An array of the relying parties to allow enterprise attestation. 1 subkey | array | required | — | ✓Yes | iOS (17.0+)macOS (14.0+) |
└─ Relying party RelyingParty | string | — | ✓Yes | iOS (17.0+)macOS (14.0+) |
Explore the full catalogue of Apple Mobile Device Management (MDM) and Declarative Device Management (DDM) policies for macOS and iOS. Search, filter, and reference policy keys for use with Microsoft Intune, Jamf, or any standards-compliant MDM solution.
com.apple.wifi.managed – Wi-Fi network configurationcom.apple.vpn.managed – VPN configurationcom.apple.applicationaccess – App and feature restrictionscom.apple.security.pkcs1 – Certificate (PKCS#1) payloadcom.apple.security.pkcs12 – Identity certificate (PKCS#12) payloadcom.apple.security.scep – SCEP certificate enrolmentcom.apple.mail.managed – Mail account configurationcom.apple.eas.account – Exchange ActiveSync accountcom.apple.MCX – Managed Client (macOS) preferencescom.apple.MCX.FileVault2 – FileVault 2 disk encryptioncom.apple.dock – macOS Dock configurationcom.apple.screensaver – Screensaver configurationcom.apple.loginwindow – macOS login window configurationcom.apple.systempolicy.managed – Gatekeeper / system policycom.apple.systempreferences – System Preferences pane restrictionscom.apple.SoftwareUpdate – Software update behaviourcom.apple.TCC.configuration-profile-policy – Privacy Preferences Policy Control (PPPC)com.apple.notificationsettings – Per-app notification settingscom.apple.webcontent-filter – Web content filtercom.apple.dnsSettings.managed – DNS settings (DoH / DoT)com.apple.relay.managed – Network relay configurationcom.apple.extensiblesso – Extensible Single Sign-Oncom.apple.configuration.passcode.settings – DDM: passcode policycom.apple.configuration.softwareupdate.enforcement.specific – DDM: enforced software updatecom.apple.configuration.services.configuration-files – DDM: service configuration filescom.apple.configuration.management.status-subscriptions – DDM: status subscriptionscom.apple.activation.simple – DDM: simple activation predicatecom.apple.management.organization-info – DDM: organization information