July 16, 2026 Stories worth reading. Perspectives worth sharing.
iPadOS 27.0 Beta 3 v.2: New Identity, SSO, and Passkey Capabilities for Enterprise and Developers
Apple Identity

iPadOS 27.0 Beta 3 v.2: New Identity, SSO, and Passkey Capabilities for Enterprise and Developers

Mo Wasay July 13, 2026 4 min read
iPadOS 27.0 Beta 3 v.2: New Identity, SSO, and Passkey Capabilities for Enterprise and Developers

Apple has released iPadOS 27.0 beta 3 v.2 (build 24A5380l), delivering a suite of enterprise-focused identity, authentication, and device management changes. This article covers what shipped, what’s coming soon, and actionable steps for IT admins and developers integrating Apple platforms.

WHAT APPLE JUST SHIPPED: iPadOS 27.0 Beta 3 v.2 Highlights

  • AuthenticationServices Updates: New APIs for Passkey autofill and cross-device credential transfer, targeting iPadOS 27.0.
  • Enhanced Platform SSO Extension: Streamlined Kerberos and SAML flows, improved error handling, and expanded MDM payload support.
  • Managed Apple ID Improvements: Native support for federated Entra ID and Okta login, with new sign-out restrictions for corporate fleets.
  • MDM Declarative Management: Beta support for declarative status reporting on managed iPads, with new security payloads (e.g., passkey enforcement, App Tracking Transparency controls).
  • Wallet Digital Credentials: ISO 18013-5 driver’s license integration and expanded Verifiable Credential APIs.

Version requirements: These features require iPadOS 27.0 beta 3 v.2 (released July 13, 2026). Most APIs are present in the latest Xcode 18 beta and Apple Configurator updates. For testing, devices must be enrolled in Apple Business Manager or School Manager and running the beta.

WHAT’S COMING: WWDC24 Announcements and Beta Previews

  • Passkey Account Recovery: Announced for iPadOS 27 and macOS 15, allowing users to recover passkey access via Managed Apple IDs, with granular admin controls.
  • Federated SSO for Third-Party Apps: Expanded SSO extension support for OAuth2/OpenID Connect, enabling seamless sign-in for enterprise apps using Entra ID/Okta.
  • MDM Device Attestation: Upcoming attestation APIs for verifying device integrity and Secure Enclave status, available in Fall 2026.
  • App Tracking Transparency Enforcement: Declarative MDM payloads to restrict or audit ATT settings, with reporting to Apple Business Manager.

WHY THIS IS BETTER: Key Improvements Over Previous Releases

  • Passkey Integration: Prior iPadOS versions lacked seamless passkey autofill and cross-device transfer. The new AuthenticationServices APIs bring parity with Android’s Credential Manager and Windows Hello, but with richer iCloud Keychain sync and enterprise policy controls.
  • Platform SSO Extension: Previous SSO implementations required manual error handling and did not support federated sign-out. iPadOS 27.0 beta 3 v.2 improves reliability, auditability, and lets IT enforce sign-out restrictions—crucial for regulated environments.
  • Declarative Device Management: Legacy MDM was event-driven and slow to reflect device state. Declarative management (now in beta) provides real-time compliance enforcement and status reporting, directly to ABM/ASM and MDM consoles.
  • Federated Managed Apple IDs: Earlier releases supported Entra ID/Okta federation but lacked granular sign-in/sign-out control and device attestation for high-security fleets. iPadOS 27.0 closes that gap.

HOW TO IMPLEMENT OR RESPOND: Concrete Steps for Admins and Developers

For Developers: Passkey Integration in Swift

Use the new ASAuthorizationPlatformPublicKeyCredentialProvider API for passkey autofill and transfer:

import AuthenticationServices

let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: "example.com")
let request = provider.createCredentialRegistrationRequest()

let authController = ASAuthorizationController(authorizationRequests: [request])
authController.delegate = self
authController.performRequests()

To enable cross-device transfer:

request.allowCredentialTransfer = true

For Admins: Enforcing Passkey Policies with MDM

Push a declarative profile to require passkeys and restrict ATT:



  PayloadType
  com.apple.declarative.management
  PayloadVersion
  1
  StatusItems
  
    
      Identifier
      passkeyEnforcement
      Enforced
      
    
    
      Identifier
      appTrackingTransparencyRestriction
      Restricted
      
    
  

For Admins: Managed Apple ID Federation Audit (Entra ID/Okta)

Verify federation status in Apple Business Manager:

  1. Log in to Apple Business Manager (business.apple.com).
  2. Go to Settings > Accounts > Federation.
  3. Check Status: Ensure “Federated” is shown for Entra ID/Okta.
  4. Review Last Sync and User Count for discrepancies.
  5. Test sign-out restriction by logging out a Managed Apple ID on a beta device.

For Security Engineers: Device Attestation Audit

On beta devices, verify Secure Enclave status:

system_profiler SPiPadDataType | grep 'Secure Enclave' # Should report "Available"

WHAT TO CHECK: Concrete Verification Steps

  • Developers: Confirm passkey autofill and cross-device transfer in your app using the new API, and verify registration in the relying party dashboard.
  • IT Admins: After deploying new MDM payloads, check compliance in your MDM console (Jamf, Kandji, etc.): Device > Security > Passkey Status.
  • ABM/ASM Portal: Validate Managed Apple ID federation and sign-out restrictions under Settings > Federation.
  • Security Engineers: Use device attestation commands to confirm Secure Enclave functionality.

BOTTOM LINE: Prioritised Recommendations

  • Developers: Update apps to adopt new Passkey and AuthenticationServices APIs for iPadOS 27.0. Test autofill and credential transfer logic now.
  • Admins: Pilot declarative device management and enforce passkey/ATT policies on beta fleets. Audit Managed Apple ID federation for gaps.
  • Security Engineers: Validate device attestation workflows ahead of Fall 2026 rollout and monitor Secure Enclave health.
  • Stay current: Monitor Apple’s beta updates and documentation for evolving MDM and identity capabilities as the iPadOS 27.0 release approaches.