gravitational · ravicious · Jul 26, 2022 · Jul 26, 2022 · Jul 26, 2022 · Jul 26, 2022
diff --git a/packages/teleterm/assets/connect.provisionprofile b/packages/teleterm/assets/connect.provisionprofile
diff --git a/packages/teleterm/assets/entitlements-inherit.mac.plist b/packages/teleterm/assets/entitlements-inherit.mac.plist
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.inherit</key>
+    <true/>
+  </dict>
+</plist>
diff --git a/packages/teleterm/assets/entitlements.mac.plist b/packages/teleterm/assets/entitlements.mac.plist
@@ -2,9 +2,18 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
   <dict>
-    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
-    <true/>
     <key>com.apple.security.cs.allow-jit</key>
     <true/>
+
+    <!-- com.apple.developer.team-identifier and keychain-access-groups must match those in tsh.app
+      so that Connect has access to the same Secure Enclave keys as tsh.app. -->
+    <key>com.apple.developer.team-identifier</key>
+    <string>QH8AA5B8UP</string>
+    <key>com.apple.application-identifier</key>
+    <string>QH8AA5B8UP.com.gravitational.teleport.connect</string>
+    <key>keychain-access-groups</key>
+    <array>
+      <string>QH8AA5B8UP.com.gravitational.teleport.tsh</string>
+    </array>
   </dict>
 </plist>
diff --git a/packages/teleterm/package.json b/packages/teleterm/package.json
@@ -57,19 +57,22 @@
   },
   "productName": "Teleport Connect",
   "build": {
-    "appId": "gravitational.teleport.connect",
+    "appId": "com.gravitational.teleport.connect",
     "asar": true,
     "asarUnpack": "**\\*.{node,dll}",
     "afterSign": "notarize.js",
     "files": [
       "build/app/dist"
     ],
     "mac": {
+      "appId": "QH8AA5B8UP.com.gravitational.teleport.connect",
       "target": "dmg",
       "type": "distribution",
       "hardenedRuntime": true,
       "entitlements": "assets/entitlements.mac.plist",
-      "entitlementsInherit": "assets/entitlements.mac.plist",
+      "entitlementsInherit": "assets/entitlements-inherit.mac.plist",
+      "provisioningProfile": "assets/connect.provisionprofile",
+      "minimumSystemVersion": "10.12.0",
       "gatekeeperAssess": false,
       "extraResources": [
         {