To manage your Apple devices (iPhones and iPads) with SuperOps, you first need to establish a secure connection with Apple's push notification service. This is done by creating and uploading an Apple Push Notification service (APN) certificate. This certificate allows SuperOps to securely communicate with your managed iOS devices. This guide will walk you through the entire process.
Create a New MDM Configuration
Navigate to Settings and select MDM configuration from the menu.
Click the New configuration button to start setting up MDM.
To begin configuring Apple devices, click on Add APN Certificate under the 'Setup iOS devices' option.
Generate and Upload Your APN Certificate
Follow the steps in the 'Add APN Certificate' wizard to get your certificate from Apple and link it to your SuperOps account.
Download the CSR file: The first step is to download a Certificate Signing Request (CSR) from SuperOps. This file is required by Apple to generate your unique push certificate. Click Download CSR file.
Configure push notifications: Next, click Open Apple Portal. This will open the Apple Push Certificates Portal in a new browser tab.
Sign in with your company's Apple ID. If you don't have one, you will need to create it.
Once signed in, click Create a Certificate on the Apple Push Certificates Portal homepage.
On the 'Create a New Push Certificate' page, click Choose File and Upload the CSR file you downloaded from SuperOps in Step 1.
Apple will confirm that the certificate has been created. Click Download to save the new push certificate (.pem file) to your computer.
Upload the .pem file: Return to the SuperOps application. Drag and drop the .pem file you just downloaded from Apple into the upload area, or click to browse for it. Enter the same Apple ID you used to create the certificate on the Apple Portal and Click on "Save.
The email address provided here will be used to send reminder notifications before the APN certificate expires.
Configuration Complete
Once saved, the APN certificate is successfully configured. You will now see the APN ID, the associated Apple ID, and the certificate's expiration date. It's important to note that APN certificates are valid for one year and must be renewed annually to maintain MDM functionality.
With your APN certificate in place, you are now ready to start enrolling devices manually and managing your iOS devices through SuperOps.
Renew Your APN Certificate
To maintain continuous communication and management of your Apple devices (iOS, iPadOS, macOS), it is crucial to keep your Apple Push Notification (APN) certificate up to date. This certificate is valid for one year and must be renewed before it expires to avoid losing connection with your managed devices.
SuperOps will proactively notify you 30 days before your certificate's expiry date to ensure you have ample time for renewal.
How to Renew your APN certificate
When your APN certificate is within 30 days of expiring, a warning banner will appear on the iOS settings page. Follow these steps to complete the renewal process:
Click the Renew button to begin.
A "Renew APN Certificate" dialog box will appear, guiding you through the three-step process.
Download CSR file: Click Download CSR. This will save a Certificate Signing Request file to your computer, which is required by Apple.
Configure push notifications: Click Go to Apple Push Certificates Portal. You will be redirected to Apple's portal. Log in using the same Apple ID that was used to create the original certificate. Using a different Apple ID will cause the renewal to fail.
In the Apple portal, locate your existing certificate and choose the option to renew it. You will be prompted to upload the CSR file you downloaded in the previous step.
Upload .pem file: After Apple processes the CSR, download the new push certificate. It will be a .pem file. Return to the SuperOps portal and drag and drop this file into the upload area, or click to browse for it.
Once the new certificate is uploaded, click Save.
After saving, a confirmation message will appear at the bottom of the screen, and the expiry warning banner will be removed. The new expiry date for your certificate will be updated automatically.
What happens if the certificate expires?
When your Apple Push Notification (APN) certificate expires, SuperOps will display an expiry alert within your SuperOps portal. SuperOps will lose communication with all enrolled Apple devices. This means device commands, policy updates, and management actions will no longer work.
Apple provides a 30-day grace period after the expiry date during which you can still renew your certificate. If the certificate is renewed within the grace period, SuperOps can communicate with Apple with the existing APN certificate.
If the grace period passes without renewal, you will need to create a new APN certificate and re-enroll all existing devices, which can be time-consuming and disruptive.
To avoid service interruption, we highly recommend renewing your APN certificate before it expires.
β
Next, you can now start manually enrolling devices into SuperOps