After implementing an App Allow List using a Restrictions MDM Configuration, your users may experience issues logging into iCloud or Google accounts on their devices.
For iCloud, if your users have a passcode configured, they will be kicked out of the login process shortly after confirming their device passcode when they attempt to log in.
In the background, Apple runs a process called com.apple.CoreCDPUI.localSecretPrompt, which is a key part of the Core Device Privacy suite of processes. It is directly responsible for decrypting data from iCloud when a passcode is enabled, and the behavior described above can occur when deploying an Allow List onto devices indirectly blocks this process.
You can resolve this issue by allowing the com.apple.CoreCDPUI.localSecretPrompt Bundle ID in your App Allow List within your Restrictions MDM Configuration:
1. Navigate to your Restrictions MDM Configuration > Apps > Allow Listed Apps. Click "Add a Bundle ID".
2. Add com.apple.CoreCDPUI.localSecretPrompt to the new Bundle ID field, then click add.
Once completed, deploy the modified profile and you should be able to log in!
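To confirm the change before deploying, you can check an exported copy of the profile for the Bundle ID. The script below is an added example, not part of the original article or any MDM vendor's tooling. It assumes the profile is an unsigned .mobileconfig plist and that the Allow List is stored under Apple's Restrictions payload (com.apple.applicationaccess) in the allowListedAppBundleIDs key or its legacy name; the sample profiles and the function names are constructed for illustration.

```python
import plistlib

# Bundle ID this article says must be allowed for iCloud login with a passcode set.
REQUIRED_BUNDLE_IDS = ["com.apple.CoreCDPUI.localSecretPrompt"]
RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Apple Restrictions payload type
# Current key name, plus the legacy name older profiles may still carry.
ALLOW_LIST_KEYS = ("allowListedAppBundleIDs", "whitelistedAppBundleIDs")


def missing_bundle_ids(profile_bytes, required=REQUIRED_BUNDLE_IDS):
    """Return {payload identifier: [required Bundle IDs absent from its Allow List]}.

    Restrictions payloads that define no Allow List are skipped, since they
    do not block anything by omission.
    """
    profile = plistlib.loads(profile_bytes)
    findings = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        present = [key for key in ALLOW_LIST_KEYS if key in payload]
        if not present:
            continue
        allowed = set()
        for key in present:
            allowed.update(payload[key])
        missing = [b for b in required if b not in allowed]
        if missing:
            findings[payload.get("PayloadIdentifier", "<no identifier>")] = missing
    return findings


def sample_profile(bundle_ids):
    """Build a constructed sample profile (not taken from a real deployment)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.restrictions.profile",
        "PayloadContent": [{
            "PayloadType": RESTRICTIONS_TYPE,
            "PayloadIdentifier": "example.restrictions.payload",
            "allowListedAppBundleIDs": bundle_ids,
        }],
    })


if __name__ == "__main__":
    before = sample_profile(["com.apple.mobilesafari"])
    after = sample_profile(["com.apple.mobilesafari"] + REQUIRED_BUNDLE_IDS)
    print("before fix:", missing_bundle_ids(before))
    print("after fix: ", missing_bundle_ids(after))
```

To check a real export, pass the file's bytes to missing_bundle_ids(); an empty result means every Allow List in the profile includes the required Bundle ID.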
If you run into any issues with this, feel free to send in a Support Ticket.
(Apple Source used: https://support.apple.com/en-us/101891)