Hi, Thanks for following up. Platform: iOS (tested on iOS 17.x and iOS 18 betas). Extension type: Apple MatterSupport “Matter Add Device Extension” (Accessory Setup extension). We’re not building a Network Extension provider—our earlier “Network Extension” tag was a mistake. Our setup is a standard iOS app (com.infibrite…) plus the Matter setup extension (com.infibrite…MatterSetupExtension). Both targets need to share Matter fabric credentials via a single keychain access group (com.infibrite.matter.shared) so the extension can commission devices while the main app reuses the stored fabric. App Groups and other capabilities enable correctly, but the “Keychain Sharing” toggle never appears for either App ID in the portal. Because the provisioning profiles can’t include that entitlement, the OS returns errSecMissingEntitlement whenever we reference kSecAttrAccessGroup, so the extension can’t read the credentials. Could you enable Keychain Sharing for these iOS App IDs (main app + Matter setup extension) or let us know how to make the capability visible? Happy to provide the exact bundle identifiers if needed. Thanks again for the assistance! Best regards,

Hi Apple team, Thanks for the follow up. Here are the details you requested: Platform: iOS (running on iPhone hardware; built with Xcode 15, iOS 17 SDK). Extension type: Network Extension provider packaged as an app extension (appex) within the main app target. Keychain configuration: The main app and the extension both have the Keychain Sharing capability enabled with the same access group (for example, ABCD1234.com.example.shared). We also tried the common app group and specifying the access group via kSecAttrAccessGroup, including variations such as $AppIdentifier.KeyChainSharingGroup. Error observed: When the extension attempts to access the shared keychain, SecItemCopyMatching returns status 25291 (errSecNotAvailable), which Xcode reports as "No keychain is available." The same code and access group work from the containing app. Could you advise whether additional entitlements are needed for Network Extension providers on iOS, or if there are specific packaging or provisioning steps we should double-check for appex-based NE providers? If there are recommended examples for keychain access from NE appexes, we would appreciate a pointer. Thanks for your help!

Anyone find a solution to this issue?