Understanding allowedExternalIntelligenceWorkspaceIDs in MDM Payload – What ID is expected?

Business & Education Device Management
Dev_janjan
Dev_janjan OP
Created Apr ’25
Replies 2
Boosts 0
Views 140
Participants 2

Hello,

We're testing the new allowedExternalIntelligenceWorkspaceIDs key in the MDM Restrictions payload on supervised iPads.

According to Apple's documentation, this key expects an "external integration workspace ID", but it's not clear what this specifically refers to. We've tried the following IDs individually (one at a time, as documentation says only one is supported currently):

  • OpenAI Organization ID
  • ChatGPT user email
  • Apple ID used in ChatGPT
  • Google ID used in ChatGPT login

The profile installs correctly via MDM and the key is set, but we want to confirm:

  1. What exactly is considered a valid "external integration workspace ID" for this key?
  2. Is there a way to verify that the restriction is working as intended on the device (e.g. does it limit specific integrations or apps)?
  3. Is there an official list of services that currently support this?

Any clarification from Apple or other developers with experience on this would be very helpful.

Thanks in advance.

Replies  2
Boosts  0
Views  140
Participants  2
Apple Staff, Device Management Engineer
Device Management Engineer OP
Apple
Apr ’25

allowedExternalIntelligenceWorkspaceIDs restricts the accounts that a user can sign in to for using an external intelligence provider. The values are provided by the external intelligence provider.

Currently Apple devices only support one external intelligence provider, ChatGPT from OpenAI. On the settings for an OpenAI account there's an Organization settings section. That shows the Organization ID. This is the value you provide in allowedExternalIntelligenceWorkspaceIDs.

0
Dev_janjan
Dev_janjan OP
Apr ’25

Thanks for the clarification.

We tested using the OpenAI Organization ID as you suggested. The MDM profile installs successfully and the device shows "Allowed External Intelligence Workspaces added" under Restrictions.

However, when attempting to log in to ChatGPT with an account that belongs to the specified Organization ID, we still receive the error message: "Login failed: Please try with an account and workspace allowed by your administrator."

It seems that even valid accounts from the specified Organization cannot log in. Could you confirm if there are any additional requirements, limitations, or known issues related to this?

Thank you again for your assistance.

0
Understanding allowedExternalIntelligenceWorkspaceIDs in MDM Payload – What ID is expected?
First post date Last post date
 
 
Q