MC MobilePush Auth Key Support

As explained in @MC MobilePush Auth Key Support , MobilePush customers were required to upload .p8 Auth Keys for their applications prior to the July/August Marketing Cloud release. To give customers additional time to make this transition and to allow our team more time with pilot customers, the enforcement date has been extended to September 14, 2020.

All customers should keep their legacy .p12 Certificates up-to-date until this enforcement date, as they may be used for iOS sending until accounts are transitioned to use the .p8 Auth Keys.

 Updated Timelines:

·   July-Aug: Customers continue to upload/save their .p8 Auth Keys within MobilePush Administration. All iOS sending will continue to use the legacy .p12 Certificates. Even if the customer has uploaded their .p8 Auth Keys, we will not be using them for sends at this time.

·   Sept 1-Sept 13 [tentative]: We will begin early migrations for customers who have correctly uploaded Auth Keys. Internally, we will notify account teams of the customers who are slated for early migration.

·   Sept 14: MobilePush will begin deprecating support for .p12 Certificates and require all iOS sends use .p8 Auth Keys. iOS sends will break if customers have not uploaded Auth Keys for their apps.  

Reminder to Take Action: 

Proactively ask your technical team (app developers, IT, administrators, etc.) to review our updated step-by-step guide (https://sfdc.co/AuthKeyMigrationSept) as well as our documentation (https://sfdc.co/MobilePushProvisioning). Ask them to upload a valid .p8 Auth Key credential set for each of their applications within MobilePush Administration prior to Sept 14. 

Common FAQ:

Q: Do I need to do anything for Android sends?

A: No, this update is only required for iOS.

Q: Do I need to do anything in their app’s code?

A: No, this is purely an update within the Marketing Cloud UI.

Q: Do I need to do anything with our SDK?

A: No, this is purely an update within the Marketing Cloud UI.

Q: How can I test that I've got the right Auth Key?

A: Your developer can manually try testing the Auth Key credentials by sending to Apple directly (https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/sending_notification_requests_to_apns), instead of using MC. 

Q: Does this impact Inbox or In-App sends?

A: Yes. While there is no Apple .p8 Auth Key dependency for Inbox and In-App messages, MobilePush’s UI currently requires iOS customers to upload their push notification credentials, even if they are only using Inbox or In-App. If you do not update your MobilePush app with a .p8 Auth Key prior to Sept 14, then that MobilePush app will show as “Expired” and unavailable to select from the UI when trying to send messages.

UPDATE FOR MARKETING CLOUD MOBILEPUSH .P8 AUTH KEY MIGRATION

As explained in the below post, MobilePush customers were required to upload .p8 Auth Keys for their applications prior to the July/August Marketing Cloud release. To give customers additional time to make this transition and to allow our team more time with pilot customers, the enforcement date has been extended to September 14, 2020.

All customers should keep their legacy .p12 Certificates up-to-date until this enforcement date, as they may be used for iOS sending until accounts are transitioned to use the .p8 Auth Keys.

 Updated Timelines:

·   July-Aug: Customers continue to upload/save their .p8 Auth Keys within MobilePush Administration. All iOS sending will continue to use the legacy .p12 Certificates. Even if the customer has uploaded their .p8 Auth Keys, we will not be using them for sends at this time.

·   Sept 1-Sept 13 [tentative]: We will begin early migrations for customers who have correctly uploaded Auth Keys. Internally, we will publish lists in advance to inform the field of customers being migrated.

·   Sept 14: MobilePush will begin deprecating support for .p12 Certificates and require all iOS sends use .p8 Auth Keys. iOS sends will break if customers have not uploaded Auth Keys for their apps.  

Reminder to Take Action: 

Proactively ask your technical team (app developers, IT, administrators, etc.) to review our updated step-by-step guide (https://sfdc.co/AuthKeyMigrationSept) as well as our documentation (https://sfdc.co/MobilePushProvisioning). Ask them to upload a valid .p8 Auth Key credential set for each of their applications within MobilePush Administration prior to Sept 14. 

Common FAQ:

Q: Do I need to do anything for Android sends?

A: No, this update is only required for iOS.

Q: Do I need to do anything in their app’s code?

A: No, this is purely an update within the Marketing Cloud UI.

Q: Do I need to do anything with our SDK?

A: No, this is purely an update within the Marketing Cloud UI.

Q: How can I test that I've got the right Auth Key?

A: Your developer can manually try testing the Auth Key credentials by sending to Apple directly (https://developer.apple.com/documentation/usernotifications/setting_up_a_remote_notification_server/sending_notification_requests_to_apns), instead of using MC. 

Q: Does this impact Inbox or In-App sends?

A: Yes. While there is no Apple .p8 Auth Key dependency for Inbox and In-App messages, MobilePush’s UI currently requires iOS customers to upload their push notification credentials, even if they are only using Inbox or In-App. If you do not update your MobilePush app with a .p8 Auth Key prior to Sept 14, then that MobilePush app will show as “Expired” and unavailable to select from the UI when trying to send messages.

ACTION REQUIRED FOR MARKETING CLOUD MOBILEPUSH CUSTOMERS

To improve security and reliability, Apple has informed vendors that it is deprecating their “legacy” iOS push notification service later this year. To migrate onto Apple’s new sending service, MobilePush will remove support for .p12 Certificates and instead use .p8 Auth Keys when sending iOS push notifications.

In preparation for this change, MobilePush is allowing customers to upload a .p8 Auth Key for each of their applications within MobilePush Administration. This capability will be made available as part of Marketing Cloud’s June release. 

To avoid disruption of service for iOS messages, customers must submit a valid .p8 Auth Key for each of their applications within MobilePush Administration. This action must be taken before Marketing Cloud’s July release, which is when MobilePush will stop support of the existing .p12 Certificates (in preparation for Apple’s cutoff). 

Where/When:

Timelines are as follows:

• June Marketing Cloud Release: Customers are able to upload/save their .p8 Auth Keys within MobilePush Administration. All iOS sending will continue to use the legacy .p12 Certificates. 
  • Release takes place on May 30 for stacks 4 and 11 and June 6 for stacks 1, 6, 7, 10, and 50. 

• July Marketing Cloud Release: Customers will be required to have/upload/save their .p8 Auth Keys in order to send iOS messages. MobilePush will deprecate support for .p12 Certificates and require that all iOS sends use .p8 Auth Keys.
  • This “cutover” will take place alongside with the July release which is expected to take place on July 25 for stacks 4 and 11 and then August 1 for stacks 1, 6, 7, 10, and 50. 

Who: 

Action applies only to MobilePush customers who are sending messages to iOS devices (effectively all MobilePush customers). 

Take Action: 

Proactively ask your technical team (app developers, IT, administrators, etc.) to review our documentation (https://sfdc.co/MobilePushProvisioning) as well as this step-by-step guide (https://sfdc.co/MobilePushAuthKeyMigration). Ask them to upload a valid .p8 Auth Key credential set for each of their applications within MobilePush Administration before the July release. 

Action must be done before the above dates, which are when MobilePush will make the official cutover to use Apple’s new sending service (via .p8 Auth Keys). If no action is taken before the above dates, then you will face a disruption to your iOS messages. 

COMMON FAQ:

Q: Does the customer need to do anything for Android sends?

A: No, this update is only required for iOS.

Q: Does the customer need to do anything in their app’s code?

A: No, this is purely an update within the Marketing Cloud UI.

Q: Does the customer need to do anything with our SDK?

A: No, this is purely an update within the Marketing Cloud UI.

Q: Does this impact Inbox or In-App sends?

A: Yes. While there is no hard technical dependency on push notifications for Inbox and In-App messages, MobilePush’s UI currently requires iOS customers to upload their push notification credentials, even if they are only using Inbox or In-App. If the customer does not update their MobilePush app with a .p8 Auth Key by the July release, then that MobilePush app will show as “Expired” and unavailable to select from the UI when trying to send messages.