NOTE: In order to use Sign in with Apple, you will need to have access to an Apple Developer account, created via the Apple Developer Program. This developer account needs to be associated with your institution. If you are not the main holder of the account, you need to make sure that you have the correct permissions. You will need access to Certificates, Identifiers and Profiles.
Proceed with the following instructions, in order, once you have secured access to your Apple Developer account and have signed in to the Apple Developer website (go to developer.apple.com and on the top right, click “Account”).
Create an App ID
1. Go to “Certificates, Identifiers & Profiles” on the Apple Developer website.
2. Click “Identifiers” on the sidebar then click the add button (+) on the top left next to the “Identifiers” header.
3. Select App IDs from the list of radio buttons under “Register a new identifier”, then click the blue “Continue” button at the upper right.
4. Select App as the new identifier type, then click the blue “Continue” button at the upper right.
5. In the “Register an App ID” dialog, complete the following information:
a. Description: enter a descriptive title for the App ID, e.g., “Athena Institute Apple Login”.
b. Bundle ID: Ensure the “Explicit” option is selected, and enter a reverse-domain style string to uniquely identify the app bundle. We suggest using a format such as edu.institution.idpproxy.
c. Scroll down the list of Capabilities and click the “Enabled” box next to Sign In with Apple. Also make sure that “Enable as a primary App ID” is displayed to the right of this option – if it is not, click the “Edit” button and change the option to “Enable as a primary App ID”.
d. Click the blue “Continue” button at the upper right.
6. Review the information displayed on the “Confirm your App ID” page and click “Register” if everything looks correct.
Create a Service ID
1. After completing the steps under Create an App ID, go back to “Certificates, Identifiers & Profiles” on the Apple Developer website.
2. Click “Identifiers” on the sidebar then click the add button (+) on the top left next to the “Identifiers” header.
3. Select Service IDs from the list of radio buttons under “Register a new identifier”, then click the blue “Continue” button at the upper right.
4. In the “Register an App ID” dialog, complete the following information:
a. Description: enter a descriptive title for the Service ID, e.g., “Athena Institute”. NOTE: what you enter here will be displayed on the Apple ID authentication dialog, as part of the text string “Use your Apple ID to sign in to <Description>”.
b. Identifier: enter a unique identifier for the Service ID. We suggest using a reverse-domain style string which extends the “Bundle ID” value of the App ID (see 5.a. under “Create an App ID”), such as edu.institution.idpproxy.apple.
i. Record the value you specify for the Service ID identifier. This will be used as the API Key value in the Cirrus Console setup.
c. Click the blue “Continue” button and then click on the blue “Register” button at the upper right.
5. Click on the name of your new Service ID (displayed under the list of identifiers).
6. Under the “Edit your Services ID Configuration” dialog, check the “Enabled” checkbox next to “Sign In with Apple” (underneath the Description and Identifier), then click the “Configure” button on the right.
7. Under the “Web Authentication Configuration” dialog, do the following:
a. Select the App ID you created in the “Create an App ID” section above.
b. Under “Website URLs” click the add button (+).
i. Under “Domains and Subdomains” enter one or more, comma-separated, domain names (without http:// or https://) of your application(s).
ii. Add cirrusidentity.com
iii. Under Return URLs add: https://athena-institute-sk-default-mark.qa.cirrusidentity.com/idp/module.php/authoauth2/linkback.php
iv. Click the “Next” button at the bottom of the “Website URLs” dialog.
c. Click the “Done” button at the bottom of the “Web Authentication Configuration” dialog.
8. Click the “Continue” button at the upper right of the “Edit your Services ID Configuration” page, then the “Save” button on the following page.
Create a Sign in with Apple Private Key
1. After completing the steps under Create an App ID, go back to “Certificates, Identifiers & Profiles” on the Apple Developer website.
2. Click “Keys” on the sidebar then click the add button (+) on the top left next to the “Keys” header.
3. Under “Key Name”, enter a unique name for the key (e.g., apple login).
4. Select the checkbox next to Sign in with Apple then click the “Configure” button.
a. In the “Configure Key” dialog, select the App ID created above (see “Create an App ID” section) from the “Primary App ID” selection dropdown.
b. Click the blue “Save” button at the upper right.
5. Click the “Continue” button at the upper right of the “Register a New Key” dialog.
6. Review the key name, ensure that “Sign in with Apple” is enabled, then click the blue “Register” button (upper right) if everything looks ok.
7. You will be presented with a “Download Your Key” dialog. You will need to do 2 things here:
a. Record the “Key ID” value (this should be a 10-character, alphanumeric value), as you will need this in the Cirrus Console setup.
b. Click “Download” to download your private key.
IMPORTANT: this private key is removed from Apple’s servers once you download it. You must store this key in a secure location, and treat it as you would a password or API secret. If the private key is lost or compromised, you will need to revoke it via the Apple Developer website and create a new one.
8. Click “Done” in the upper right once you have downloaded your private key.
Cirrus Console Configuration
1. Enter the email account associated with your Apple Developer account in the Account Name field.
2. Enter the Service ID identifier (see step 4.a.b.i. under “Create a Service ID” above) in the API Key field.
3. Enter your Apple Team ID in the Apple Team ID field. This identifier (which will be 10-character alphanumeric) can be located in the “Membership Details” panel at https://developer.apple.com/account/.
4. Enter your Private Key ID (see step 7.a. under “Create a Sign in with Apple Private Key” above) in the Private Key ID field.
5. Enter the contents of your downloaded private key file (see step 7.b. under “Create a Sign in with Apple Private Key” above), via copy-and-paste, into the Private Key Contents field. The contents should resemble the following:
-----BEGIN PRIVATE KEY-----
<base64-encoded key contents…>
-----END PRIVATE KEY-----
6. Select one of the available options under ePPN Configuration.
7. Click the Save button in the Cirrus console.
8. You are all set! You can click the "Test Login" button below to test your integration with Apple.
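A pre-flight check for the values entered in the steps above, as an added example (not part of the original instructions or of Cirrus Identity's tooling): it confirms that the Team ID and Key ID are 10-character alphanumeric strings, that the downloaded key file is not readable by other users, and that its contents have the PEM framing shown in step 5. The function names, the owner-only file permission policy and the sample IDs are assumptions, and the key body written by the demo is constructed filler, not a real key.

```python
import base64
import os
import re
import stat
import tempfile

ID_RE = re.compile(r"[A-Za-z0-9]{10}")  # page: Key ID and Team ID are 10-char alphanumeric
PEM_BEGIN = "-----BEGIN PRIVATE KEY-----"
PEM_END = "-----END PRIVATE KEY-----"


def check_apple_inputs(service_id, team_id, key_id, key_path):
    """Return a list of problems; an empty list means the values look ready to paste."""
    problems = []
    if not service_id or service_id != service_id.strip():
        problems.append("Service ID is empty or has stray whitespace")
    if not ID_RE.fullmatch(team_id):
        problems.append("Team ID is not 10 alphanumeric characters")
    if not ID_RE.fullmatch(key_id):
        problems.append("Key ID is not 10 alphanumeric characters")
    # Assumed policy: the key is a secret, so only its owner may read it.
    if stat.S_IMODE(os.stat(key_path).st_mode) & 0o077:
        problems.append("key file is accessible to group/other (chmod 600)")
    with open(key_path, encoding="ascii", errors="replace") as fh:
        lines = [ln.strip() for ln in fh.read().strip().splitlines()]
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        problems.append("key file lacks BEGIN/END PRIVATE KEY framing")
        return problems
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        der = b""
    if not der.startswith(b"\x30"):  # DER SEQUENCE tag opens a PKCS#8 structure
        problems.append("key body is not base64-encoded DER")
    return problems


def write_sample_key(path, mode=0o600):
    """Write a constructed, non-functional stand-in for the downloaded key file."""
    body = base64.b64encode(b"\x30" + bytes(47)).decode()  # filler, not a real key
    with open(path, "w", encoding="ascii") as fh:
        fh.write(f"{PEM_BEGIN}\n{body}\n{PEM_END}\n")
    os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "sample_key.p8")
        write_sample_key(p)
        print(check_apple_inputs("edu.institution.idpproxy.apple", "ABCDE12345", "KEY1234567", p))
```

Run it against the real downloaded key file and your own identifiers before pasting them into the console; the check reads the key locally and never prints its contents.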