With Venn’s Mobile Device Management (MDM) software for iOS, you can provision App Store applications with additional security controls, provide SSO access to key apps and websites, and enforce device security compliance on personally owned mobile devices.
In order to set up Venn’s iOS MDM solution for your organization, you need to complete the following steps:
- Set Up Apple Business Manager
- Enable Third-Party Identity Management
- Determine How You Will Manage Users
- Set Up iOS Push Certificate Configuration
- Upload Your Organization's VPP Token
- Add Venn’s MDM Discovery File to Your Web Server
- Start Using Venn for Mobile
Once you have configured Venn's MDM software for iOS, you must renew your MDM certificate and token every year.
Step 1: Set Up Apple Business Manager
In order to use Venn MDM for iOS, you must first set up Apple Business Manager. You will use Apple Business Manager to manage which users can access Venn for mobile on iOS and to acquire VPP licenses for iOS/iPadOS apps that you would like to make available to your users.
- Sign up for Apple Business Manager. Reference this Apple support article for instructions.
- Add your organization's web domain in Apple Business Manager. Reference this Apple support article for instructions.
  - You will need access to your domain registrar to add a TXT record to your DNS zone file so that Apple can verify your domain.
- Apple Business Manager uses "Locations" to enable bulk app purchasing and provisioning. Configure an additional Location if needed, following the guidance below.
  - Apple Business Manager automatically creates a primary Location for you that is named with your business name. If you do not have an Apple Business Essentials subscription, use this primary Location for your Venn MDM setup.
  - If you have an Apple Business Essentials subscription, you must create an additional Location for your Venn MDM setup and assign to it all users who will use Venn MDM on their phones. Reference this Apple support article for instructions on creating Locations.
- Disable document sharing via iCloud for your organization. Reference this Apple support article for instructions.
- Add your organization's tax status information in Apple Business Manager. Reference this Apple support article for instructions.
  - You must provide tax status information in order to access the Payments & Billing section in Apple Business Manager, where you will download your VPP Token in Step 5 below. Once you have provided your tax information, select your name at the bottom of the sidebar, choose Preferences, and confirm that the "Payments & Billing" option is available.
Step 2: Enable Third-Party Identity Management
If your organization uses Microsoft Entra ID (Azure), Google Workspace, Okta, or JumpCloud for identity management in Venn, reach out to Venn support to enable third-party identity management for MDM on our backend. This step is required to ensure that users can log in to Venn for mobile using their IdP credentials.
If you do not use a third-party identity provider for identity management in Venn, you do not need to complete this step. Users will log in to Venn for mobile using their Venn passwords.
Step 3: Determine How You Will Manage Users
In order to use Venn MDM for iOS, each user must have an account set up in Venn and they must have an iCloud account set up in Apple Business Manager.
You have two options for user management in Apple Business Manager:
- Set up third-party IdP federation and SCIM provisioning: If your organization uses a third-party IdP (e.g., Entra, Google) for identity management, you can set up third-party IdP federation in Apple Business Manager. This process is complicated, but it has the benefits of automating user creation and allowing users to log in to their iCloud/Apple Business Manager account using their IdP credentials during the MDM enrollment process (instead of using a separate iCloud password).
- Manually create user accounts: Alternatively, you can manually create user accounts in Apple Business Manager for individuals who will be using Venn for mobile. This option requires more long-term maintenance, including adding new users and managing users’ iCloud/Apple Business Manager passwords.
Set Up Third-Party IdP Federation and SCIM Provisioning
To set up third-party IdP federation and SCIM Provisioning in Apple Business Manager:
- Reference this Apple support article for instructions to set up third-party IdP federation.
- Reference this Apple support article for instructions to set up SCIM provisioning.
Manually Create User Accounts in Apple Business Manager
Reference this Apple support article for instructions to manually create user accounts in Apple Business Manager.
When creating users in Apple Business Manager, keep in mind:
- Each user’s record in Apple Business Manager must match the user’s Email or Alternative login name in Venn’s Company Management Portal.
- Each user's Location must match the Location you will use for your Venn MDM setup. Typically, this is the primary Location in Apple Business Manager. However, if you have an Apple Business Essentials subscription, you will need to assign users to the Location you created following the guidance in step 1 for your Venn MDM setup, not your primary Location.
- After you create an account in Apple Business Manager for each user, create their sign-in information and share their temporary password. When setting up Venn on their Apple device, they will use this temporary password as their iCloud password and will be prompted to create a permanent one. If they ever have trouble signing in to iCloud later, you will need to reset their password.
Step 4: Set Up iOS Push Certificate Configuration
You must add an iOS push certificate to Venn so that you can push policies, updates, and actions to your managed iOS devices.
- Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
- Click Company admin or Manage > Company admin.
- Click Connected apps in the sidebar at left and select MDM enrollment.
- In the iOS push certification configuration section under iOS MDM enrollment, click Download certificate. This will download a CSR (Certificate Signing Request) file.
- In a new browser tab, navigate to https://identity.apple.com/pushcert/ and sign in with the Apple ID and password you used when you created the certificate.
- Click Create a Certificate.
- Click Choose File and upload the CSR file you downloaded from Venn in step 4 above.
- Download the signed certificate (.pem) file from Apple. Download this file only once.
- Return to Venn and click Upload MDM Push certificate.
- Enter the Apple ID used to generate the push certificate and upload the downloaded push certificate from Apple. Click Done.
- The MDM enrollment modal will update and reflect the new connected status.
Step 5: Upload Your Organization's VPP Token
You must upload your organization’s VPP token to Venn in order to synchronize your Apple Business Manager account with Venn so that you can manage and retain ownership and control of purchased work apps on your managed iOS devices.
- Navigate to business.apple.com and download your content token. Reference this Apple support article for instructions.
If you have an Apple Business Essentials subscription, Apple Business Essentials uses the content token for your primary Location in Apple Business Manager to assign app licenses. In this case, you must use the content token for the other Location you created following the guidance in step 1 for your Venn MDM setup, not the content token for your primary Location. Reference this Apple support article for more information.
- Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
- Click Company admin or Manage > Company admin.
- Click Connected apps in the sidebar at left and select MDM enrollment.
- In the VPP Token section under iOS MDM enrollment, click Upload Token.
- Enter the Apple ID used for Apple Business Manager and upload the downloaded VPP Token. Click Done.
- The MDM enrollment modal will update and reflect the new connected status.
Step 6: Add Venn’s MDM Discovery File to Your Web Server
Apple requires that BYOD MDM solutions leverage Account-driven User Enrollment, meaning that the user must enroll by signing in on their device. For this to work, the device needs to confirm that your company’s domain is linked to a trusted MDM provider.
To enable users’ devices to recognize and trust your MDM solution during enrollment, you must upload a JSON file from Venn to the web server(s) that host your domain(s). For example, if your users' email addresses are @example.com, the file needs to go on the web server for example.com.
- On your web server, create a folder named `.well-known` in the root of your website.
  - For example, if your domain is `example.com`, the URL to access the folder should be `https://example.com/.well-known/`.
- Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
- Click Company admin or Manage > Company admin.
- Click Connected apps in the sidebar at left and select MDM enrollment.
- In the MDM discovery file section under iOS MDM enrollment, click Download file.
- Remove the `.json` extension from the downloaded filename so that it is called `com.apple.remotemanagement`.
  - The extension for the renamed file should be `.remotemanagement` (not `.json`).
- Place the file into the `.well-known` folder that you created in the root of your website.
  - For example, if your domain is `example.com`, the URL to access the file should be `https://example.com/.well-known/com.apple.remotemanagement`.
- Configure your server to recognize `.remotemanagement` files as JSON data by assigning them the MIME type `application/json`.
- Set the file permissions to ensure it is publicly readable. Typically, use `644`, which allows the owner to write and everyone to read the file.
Once you have uploaded the file, we recommend that you verify that the file is accessible from the internet before users begin enrolling their devices.
- Add the domain(s) where you placed the JSON file under step 5 in the MDM discovery file section under iOS MDM enrollment.
- Click Test file accessibility.
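The following Python check is an added example, not Venn's or Apple's code. It tests a deployed discovery file against the requirements in this step: the HTTPS URL under `.well-known`, the `application/json` MIME type, content identical to the file downloaded from Venn, and permissions in line with `644`. The function names and the rule that the file must be served without a redirect are assumptions of this example.

```python
import json
import stat
import urllib.error
import urllib.request
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/com.apple.remotemanagement"

def evaluate_response(domain, final_url, status, content_type, body, expected):
    """Return a list of problems with a fetched discovery file (empty list = OK)."""
    problems = []
    parts = urlsplit(final_url)
    # Assumption of this example: the file must be served directly, with no redirect.
    if (parts.scheme, parts.hostname, parts.path) != ("https", domain.lower(), WELL_KNOWN_PATH):
        problems.append(f"served from unexpected URL: {final_url}")
    if status != 200:
        problems.append(f"HTTP status {status}, expected 200")
    # Ignore parameters such as "; charset=utf-8" when comparing the MIME type.
    mime = (content_type or "").split(";")[0].strip().lower()
    if mime != "application/json":
        problems.append(f"Content-Type is {mime or 'missing'}, expected application/json")
    try:
        served = json.loads(body)
    except ValueError:
        problems.append("body is not valid JSON")
    else:
        if served != expected:
            problems.append("served JSON differs from the file downloaded from Venn")
    return problems

def mode_problems(mode):
    """Check a file mode against the 644 recommendation."""
    problems = []
    if not mode & stat.S_IROTH:
        problems.append("file is not world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("file is writable by group or others")
    return problems

def check_domain(domain, venn_file_path):
    """Fetch the live file for `domain` and compare it with the local copy from Venn."""
    with open(venn_file_path, "rb") as fh:
        expected = json.load(fh)
    try:
        with urllib.request.urlopen(f"https://{domain}{WELL_KNOWN_PATH}", timeout=10) as resp:
            return evaluate_response(domain, resp.geturl(), resp.status,
                                     resp.headers.get("Content-Type"), resp.read(), expected)
    except urllib.error.HTTPError as err:
        return [f"HTTP status {err.code}, expected 200"]
```

Run `check_domain("example.com", "com.apple.remotemanagement")` from a machine outside your network, and `mode_problems(os.stat(path).st_mode)` on the web server itself; an empty list from each means the check passed.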
Step 7: Start Using Venn for Mobile
Once you have completed setup steps 1-6 above, follow the steps below to start using the Venn mobile app at your organization.
- If you are manually creating user accounts in Apple Business Manager, ensure that you have added all users, they are assigned to the correct Location, and you have created their sign-in information.
- Follow these instructions to add the iOS applications that you would like users to have access to.
- Follow these instructions to assign the mobile apps you’ve added to users.
- Share these instructions with your team, which will walk them through how to set up Venn on their Apple mobile device.
  - If you are manually creating users in Apple Business Manager, make sure you share users’ temporary passwords that they will use to log in to iCloud as part of this process.