I am trying to push out a config profile to set up OSX hosts to request a device cert from our internal CA. Because I need to use this cert to validate hosts via VPN with Cisco AnyConnect, I need all apps (or just AnyConnect, but there's no easy way to do this programmatically, apparently) to be able to access the cert and key. (Don't want my users to receive keychain prompts each and every time they connect to the VPN.)
So I configure the profile with this option enabled.

I see the key set up in the config file: <key>AllowAllAppsAccess</key><true/>
However, when I install the profile and the cert and key are installed in my keychain, the ACL for the private key does not have the Allow all apps option.

OSX Server, Configuration Profiles