We are going to be using an iPad Pro in an environment where customers will be able to use the applications on the iPad. There are a few apps where only employees should have access too. We were hoping for a setting in which an app could only be opened by a password. By your comments, this doesn't seem to be the case. We will need to find an alternative method, thank you.
@swillette702 As other have said, you cannot lock certain apps with a password, but you could use the whitelist/blacklist profile and scope it on the user level and device level.
Are you deploying the Meraki MDM app? If so (and you have it enabled), users can login with their credentials (if they are configured in Meraki or using a directory connection) and be assigned different profiles depending on their position/department/etc.
I would create a standard blacklist profile for that iPad that hides all the apps you don't want the customer to see and scope that to the "customer owner". Anytime the "customer owner" is logged into the iPad, that blacklist will sync down. If an employee logs into the Meraki MDM app, then they see the employee set of apps (the blacklist would remove).
This is the only work-around I could think of. I don't have a test iPad on hands, but I am sure there is a better way to automate this with a series of policies and profiles so when no user is assigned to the iPad it gets the customer blacklist profile (hiding things you don't want the customer to touch) and when a employee logs in with his/her credentials then they get to see everything. Once I get my hands on a tester, I will give it a go and report back.
Find this helpful? Click the kudos button. Thanks!
@swillette702 A clever workaround a colleague shared is to set a password for Screen Time, and then set specific apps to be disallowed for 23 hours and 59 minutes. It's not perfect, but it does mean that for the majority of a 24-hour period a user will get a passcode prompt to use an app when it's opened.