Skip to main content

Renewing APN, ADE and Apps and books tokens

Learn how to easily monitor and renew APNs, ADE, and Apps & Books token states in SuperOps.

Updated yesterday

To help you seamlessly manage your Apple devices, SuperOps manages three essential Apple tokens required for proper device communication, enrollment, and app distribution: the APNs Certificate, the Automated Device Enrollment (ADE) token, and the Apps and Books token.
​

To ensure your devices remain connected and secure, SuperOps clearly displays the status of each token so you can proactively take action.

Understanding token states

All Apple tokens in SuperOps will display one of the following states to help you monitor their health:

1. Active

The token is valid and functioning normally. Your devices can communicate without interruption, enrollment works as expected, and Apps and Books sync normally. No action is required on your part.

2. Renewal Required

This helpful status appears when your token is within 30 days of expiry. Apple allows you to renew before expiry, and your devices will continue to communicate normally during this time. It is recommended to renew the token before the expiration date to avoid any disruptions.

3. Expired

This indicates the token has passed its expiry date. Apple graciously provides a 30-day grace period after expiry. During this grace period, devices will continue to communicate, and you can renew the token without needing to re-enroll your devices.

Note If the grace period is exceeded, all device communication stops immediately and policies cannot be applied. Devices must be re-enrolled after reconfiguration. It is critical to please renew tokens before or within the grace period.

4. Error (Token Changed or Tampered)

This status appears if the token was renewed using a different Apple ID, deleted in the Apple portal, or if the token content was modified. In this state, device communication is cut off immediately, and immediate correction is required.

Managing and monitoring tokens across clients

To simplify token management across all your clients, the MDM Configurations page categorizes Apple MDM tokens based on their status into the following sections:

  • All
    Displays all Apple MDM configurations, regardless of their current status.

  • Renewal Required
    Indicates that the token is approaching expiry but is still valid and functioning. Renewal is required to prevent any disruption in device communication.

  • Expired
    Indicates that the certificate or token has passed its expiry date.

Additionally, if a token has been changed or tampered with, an "Error" label will be displayed against the corresponding MDM configuration.

Similarly, when you open a specific MDM configuration, you can view the status of each token, including whether it is active or approaching expiry.

If a token is invalid, an error message will be displayed within the MDM configuration as well as on the corresponding device page.

How to Renew Apple Tokens

To maintain continuous communication, please follow these steps to renew your tokens.

Renewing APNs Certificate

  • Click the Renew button to begin.

  • A "Renew APN Certificate" dialog box will appear, guiding you through the three-step process.

  • Download CSR file: Click Download CSR. This will save a Certificate Signing Request file to your computer, which is required by Apple.

  • Configure push notifications: Click Go to Apple Push Certificates Portal. You will be redirected to Apple's portal. Log in using the same Apple ID that was used to create the original certificate. Using a different Apple ID will cause the renewal to fail.

  • In the Apple portal, locate your existing certificate and choose the option to renew it. You will be prompted to upload the CSR file you downloaded in the previous step.

  • Upload .pem file: After Apple processes the CSR, download the new push certificate. It will be a .pem file. Return to the SuperOps portal and drag and drop this file into the upload area, or click to browse for it.

  • Once the new certificate is uploaded, click Save to complete the configuration.

Renewing ADE Token

  • Open the client under MDM Configurations, click Renew Automated Device Enrollment, and then select Open Apple Business Manager Portal.

  • Click your Profile name at the bottom left.

  • Navigate to: Preferences β†’ Device Management Settings

  • Under MDM Servers, locate the MDM server linked to SuperOps.

  • Click on the MDM server name.

  • Click Download Token.

  • This will download a .p7m file to your system. This is the renewed ADE server token.

  • Upload this file in SuperOps to complete the setup

Renewing Apps and Books Token

  • Open the client under MDM Configurations and choose "Apps and Books". You will find an option to renew your Apps and Books (VPP ) token.

  • Click "Apple business manager" and login to your ABM portal.

  • Click your Profile name at the bottom left.

  • Go to: Preferences β†’ Payments and Billing

  • Under Content Tokens, locate the token associated with SuperOps.

  • Click the token name.

  • Click Download.

  • This will download a .vpptoken file to your system. This is the renewed Apps and Books token.

  • Upload this token file in SuperOps to complete the setup

Important Best Practices

To ensure a smooth experience, we highly recommend following these best practices:

  • Always renew tokens using the exact same Apple ID.

  • Please do not delete MDM servers inside Apple Business Manager.

  • Regularly monitor your dashboard for "Renewal Required" tokens.

  • Renew tokens before their expiry date to avoid any service interruption.

Related Articles
How to set up APN Certificate to manage Apple devices
How to manually enroll iOS Devices - SuperOps MDM
Setting up Automated Device Enrollment (ADE) in SuperOps for iOS/iPad devices
How to set up the Apps and Books integration for Apple MDM
How to delete your client's MDM configurations
Did this answer your question?