Apple iOS app signing and distribution is a complicated task that most people would rather leave to the developer of an app than take on themselves. So it is sometimes surprising for developers to learn that here at Emory we don't want to delegate this task when it comes to our branded apps. The reason is simple: if an app is branded by Emory, then Emory must control the distribution.
Make sure the developer of your app knows about this policy and agrees to its terms before you enter into any agreements with them. Some developers raise objections when confronted with this requirement. If you are using a preferred vendor you'll never need to worry, as agreeing to it is a requirement of their vetting for this program.
Emory University implements this policy by holding two Apple Enterprise Developer accounts in addition to one Apple Developer account.
Apple Developer Account
This account is used to manage Emory's presence in the Apple App Store. We will never give credentials for this account to anyone outside the Emory employees who are authorized to manage the distribution of Emory-approved apps. The same goes for all the so-called "secrets" managed by the account, such as signing certificates containing private keys and provisioning profiles.
This also means that we will not add the developer to the account even in a more restrictive role (e.g. an app-specific developer role) in App Store Connect.
Apple Enterprise Accounts
One of the enterprise accounts is used to support our internal marketplace, which we use for internal distribution of apps for review purposes. We use the Apperian mobile management app to resign the app, an IPA binary file, and upload it to the server. Authorized users can then install the app on their iOS mobile device. Every app that Emory manages in the App Store will have first been installed in this app catalog for review. We will never give credentials that access this account to anyone outside the Emory employees who are authorized to manage apps in this internal marketplace.
The other enterprise account is reserved as a signing account. More about that later.
Building the App for Emory
If you are the developer of a potential Emory-endorsed app or an app destined for the internal app catalog, you do not need any of the aforementioned account credentials to produce an IPA of your app. You can export an IPA by creating an ad-hoc provisioning profile, either manually, with Xcode, or with any other provisioning method you might be using (e.g. fastlane, Fabric, etc.). The profile should be built with any entitlements that your app requires and a certificate from your own Apple Developer or Enterprise Developer account. In other words, just build the IPA as if you were going to archive a release for the Apple App Store or for ad-hoc distribution. Then export it from Xcode (or some other build system) and make it available to the Emory Mobile App Review and Distribution team, who will load it into the internal app catalog.
If the app is meant for public distribution, the original IPA will be resigned with the Emory developer account certificate and a provisioning profile created specifically for your app. Finally it will be uploaded to the Apple App Store to begin Apple's review before it is made ready for sale.
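A pre-handover check a developer can run on the exported IPA before sending it to the review team, as an added example that is not part of the original page or Emory's tooling: it reads the bundle id and the embedded provisioning profile and reports whether the profile covers the app, whether it has expired, which distribution model it was cut for (ad-hoc, development, enterprise in-house or App Store) and which entitlements it carries, all without Xcode. The bundle ids, team id and UDID in the sample are constructed placeholders, and the resigning step described above is Emory's, not something this script does.

```python
import datetime, io, plistlib, zipfile

def profile_plist(raw):
    # A .mobileprovision is a CMS (PKCS#7) envelope around an XML plist. Cutting the
    # plist out of the DER suits a sanity check but does NOT verify Apple's signature.
    start, end = raw.find(b"<?xml"), raw.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist found inside provisioning profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def inspect_ipa(ipa_bytes, now=None):
    now = now or datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        apps = {n.split("/")[1] for n in z.namelist()
                if n.startswith("Payload/") and n.split("/")[1].endswith(".app")}
        [app] = apps  # raises ValueError unless exactly one .app is under Payload/
        info = plistlib.loads(z.read(f"Payload/{app}/Info.plist"))
        prof = profile_plist(z.read(f"Payload/{app}/embedded.mobileprovision"))
    bundle_id, ents = info["CFBundleIdentifier"], prof.get("Entitlements", {})
    # application-identifier is "<TeamID>.<bundle id>"; wildcard profiles end in "*"
    team, _, covered = ents.get("application-identifier", "").partition(".")
    findings = []
    if covered != bundle_id and not (
            covered.endswith("*") and bundle_id.startswith(covered[:-1])):
        findings.append(f"profile covers {covered!r} but app is {bundle_id!r}")
    if "ExpirationDate" in prof and prof["ExpirationDate"] < now:
        findings.append("provisioning profile has expired")
    if ents.get("get-task-allow"):
        findings.append("debuggable build (get-task-allow), not a release archive")
    if prof.get("ProvisionsAllDevices"):      # in-house profile: installs on any device
        kind = "enterprise-inhouse"
    elif "ProvisionedDevices" in prof:        # device list: ad-hoc or development
        kind = "development" if ents.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"
    return {"app": app, "bundle_id": bundle_id, "team_id": team, "kind": kind,
            "entitlements": sorted(ents), "findings": findings}

def sample_ipa(bundle_id, profile_app_id, all_devices=False):
    # Constructed sample IPA; the bytes around the plist stand in for the CMS wrapper.
    prof = {"ExpirationDate": datetime.datetime(2099, 1, 1),
            "Entitlements": {"application-identifier": profile_app_id}}
    prof["ProvisionsAllDevices" if all_devices else "ProvisionedDevices"] = (
        all_devices or ["00000000-CONSTRUCTED-UDID"])
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as z:
        z.writestr("Payload/Sample.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": bundle_id}))
        z.writestr("Payload/Sample.app/embedded.mobileprovision",
                   b"\x30\x82\x10\x00" + plistlib.dumps(prof) + b"\x00\x00")
    return buf.getvalue()
```

On a real IPA call `inspect_ipa(open("MyApp.ipa", "rb").read())`; a non-empty `findings` list means the review team would have to send the build back.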
Emory uses its second Apple Enterprise Developer account in the rare case where the developer is unable (or unwilling) to use their own Apple Developer or Enterprise Developer account artifacts to sign an IPA for Emory. This has only come up once so far, with a development platform called "Good Barber". Good Barber is a DIY app building and publishing platform that allows inexperienced developers to create native mobile and responsive web apps.
Good Barber leaves it up to the client to procure either an Apple Developer or Enterprise Developer account (or both). An Enterprise Developer account is required for creating an IPA. Good Barber guides the client through creating and/or exporting the in-house distribution certificate, App ID and provisioning profile in the Apple developer portal and uploading them to the Good Barber server. It then uses these secrets to sign an IPA, which the client can download. Note that Good Barber neither wanted nor needed the Apple account credentials.
This is where the second Apple Enterprise Developer account comes in handy. It is the account used on behalf of the client to create the signing artifacts that Good Barber needs to produce the IPA.
Kudos to Good Barber for supporting the Enterprise Development model and allowing our departments to take advantage, where appropriate, of this low-cost, easy-entry alternative to professional app development.
Right now the apps (both iOS and Android) are loaded into the Emory App Catalog and are being reviewed for branding and public distribution, so it is not yet certain that this app will pass all reviews, or that the client can configure it to fix any problems the review team identifies.