I am encountering a cloud signing permission error when archiving and uploading an iOS app using Xcode with Automatically manage signing enabled.
Xcode reports that it cannot access or create cloud-managed distribution certificates, and therefore cannot find any App Store provisioning profiles for either the main app target or an associated Notification Service Extension.
The error message returned by Apple’s certificate API indicates that access to cloud-managed distribution certificates is forbidden.
Error messages
Cloud signing permission error
You haven't been given access to cloud-managed distribution certificates.
Please contact your team's Account Holder or an Admin to give you access.
No profiles were found
Xcode couldn't find any iOS App Store provisioning profiles matching the app or extension targets.
Environment
Xcode: 16.x
Signing method:
Automatic signing (App Store distribution)
Apple Developer Program team with existing distribution certificates
Apple ID role:
Admin (recently upgraded from a lower role)
What I have verified
Automatic signing is enabled for all targets
The correct team is selected
Bundle identifiers are valid and already registered
The app and extension exist in App Store Connect
Distribution certificates already exist in the team (previously created manually)
Observed behavior
Xcode attempts to access cloud-managed distribution certificates
Apple certificate service responds with a permission-denied error
As a result, provisioning profiles cannot be generated automatically
Question
After being upgraded to an Admin role, is there a known delay or additional requirement before an account can access cloud-managed distribution certificates, especially for teams that previously used manually managed distribution certificates?
Is there any recommended action (besides waiting or having the Account Holder perform an initial signing operation) to unblock automatic signing in this situation?
Solved
This issue was not caused by Xcode or project configuration.
I contacted Apple Developer Technical Support and provided my Apple Developer account role (Admin), the Xcode IDEDistributionProvisioning logs, and screenshots from Xcode Organizer showing the Archive failure. After investigation, Apple confirmed that the root cause was an App Store Connect API–related permission issue that required a backend update on their side.
Once the backend permissions were updated, I retried the Archive process. Xcode was then able to correctly create and use the Cloud-managed Distribution Certificate and generate the App Store provisioning profiles, resolving the issue.
If you encounter the same error (403 Forbidden, ResultCode 7495, unable to use Cloud-managed Distribution Certificates even as an Admin), contacting Apple Developer Technical Support with the IDEDistributionProvisioning logs and Archive error screenshots is recommended, as this appears to be a backend permission issue.