The Apple Wallet Access Program requires collaboration with a single party or multiple parties in the following participant roles:

• Credential Manager
• Credential Provider
• Participating Provider

Note
Depending on your organization, you can participate in the program as all three roles, or you can participate as one or some of the roles and rely on other parties to fulfill the remaining roles. To learn more, see Integration Models.

Credential Manager

The Credential Manager role configures the pass elements and enables the provisioning and life cycle management of passes and credentials for one or multiple access installations. Credential Managers govern the technology used to manage user information and access authorizations.

The Credential Manager is the primary organization that integrates with the Apple Access platform. For many integrations, either the access solution provider or the Participating Provider fulfills this role. For all integrations, the Credential Manager coordinates all participants involved in the integration (for example, the reader and lock manufacturers, iOS app developers, system integrations, and so on).

Note
Credential Managers who integrate with Apple can use the integration to launch multiple deployments with different Participating Entities.

Credential Provider

The Credential Provider role delivers the credential to the Apple Access platform during the provisioning of the pass on the user device.

Important
The Credential Provider must support at least one of the credential technologies compatible with the Apple Access platform.

When the Credential Manager isn't also acting as the Credential Provider, the Credential Provider is an additional party that integrates with the Apple Access platform and collaborates with the Credential Manager and/or Participating Provider to issue and manage the credentials for mobile passes. For example, the reader manufacturer that controls the cryptographic elements to generate new credentials for the access installation (for example, a master key) may participate as the Credential Provider alongside a Credential Manager that is a different organization.

An integration may involve multiple Credential Providers if the Participating Provider owns sites with readers from multiple manufacturers.

Note
Credential Providers who integrate with Apple can use the integration to launch multiple deployments with different Credential Managers and Participating Entities.

Participating Provider

The Participating Provider is the party that owns or governs the access properties. The Credential Manager and Participating Provider can be the same organization.

When the Credential Manager and Participating Provider are different organizations, the Participating Provider serves as an indirect participant during the integration and must sign a Participating Provider Agreement with Apple through the Credential Manager. In such cases, the Credential Manager administers any development and testing efforts that involve the access systems or iOS apps of the Participating Provider.

Note
If your organization is an indirect Participating Provider, you may need to work with the Credential Manager to incorporate the changes to your systems required to support the Apple Wallet Access Program.