Set Up Venn MDM for iOS for Your Company

With Venn’s Mobile Device Management (MDM) software for iOS, you can provision App Store applications with additional security controls, provide SSO access to key apps and websites, and enforce device security compliance on personally owned mobile devices.

In order to set up Venn’s iOS MDM solution for your organization, you need to complete the following steps:

  1. Set Up Apple Business Manager
  2. Enable Third-Party Identity Management
  3. Set Up iOS Push Certificate Configuration
  4. Upload Your Organization's VPP Token
  5. Add Venn’s MDM Discovery File to Your Web Server

After you have completed these steps, users will be able to enroll in Venn’s MDM software on their Apple devices.

Once you have configured Venn's MDM software for iOS, you must renew your MDM certificate and token every year.

Step 1: Set Up Apple Business Manager

In order to use Venn MDM for iOS, you must first set up Apple Business Manager.

Your organization may have already completed some or all of these steps if you have used Apple Business Manager before. Confirm that all of the required items below have been completed before proceeding to Step 2 of the MDM setup process.
  1. Sign up for Apple Business Manager. Reference this Apple support article for instructions.
  2. Add your organization's web domain in Apple Business Manager. Reference this Apple support article for instructions.
    • You will need access to your domain registrar to add a TXT record to your DNS zone file so that Apple can verify your domain.
  3. Configure additional "Locations" for any group of users that will need unique paid applications assigned to them. Reference this Apple support article for instructions.
    • Apple Business Manager uses "Locations" to enable bulk app purchasing and provisioning. If any groups of your users will require access to paid iOS apps like GoodNotes or Procreate for work, ensure that you have a "Location" created for that group of users.
    • Apple Business Manager automatically creates one location for you that is named with your business name.
  4. Disable document sharing via iCloud for your organization. Reference this Apple support article for instructions.

Step 2: Enable Third-Party Identity Management

If your organization uses Microsoft Entra ID (Azure), Google Workspace, or JumpCloud for Identity Management in Venn, follow the steps below to enable your users to log in from your IdP on mobile as well:

  1. Reach out to Venn support to enable third-party identity management for MDM on our backend.
  2. Set up Third-Party IdP Federation in Apple Business Manager. Reference this Apple support article for instructions.

Step 3: Set Up iOS Push Certificate Configuration

You must add an iOS push certificate to Venn so that you can push policies, updates, and actions to your managed iOS devices.

  1. Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
  2. Click Company admin or Manage > Company admin.


  3. Click Connected apps in the sidebar at left and select MDM enrollment.


  4. In the iOS push certification configuration section under iOS MDM enrollment, click Download certificate. This will download a CSR (Certificate Signing Request) file.


  5. In a new browser tab, navigate to https://identity.apple.com/pushcert/ and sign in with an Apple ID. Follow the guided instructions to upload the CSR to generate a push certificate.
  6. Download the push certificate from Apple.
  7. Return to Venn and click Upload MDM Push certificate.


  8. Enter the Apple ID used to generate the push certificate and upload the downloaded push certificate from Apple. Click Done.
  9. The MDM enrollment modal will update and reflect the new connected status.


Step 4: Upload Your Organization's VPP Token

You must upload your organization’s VPP token to Venn in order to synchronize your Apple Business Manager account with Venn so that you can manage and retain ownership and control of purchased work apps on your managed iOS devices.

  1. Navigate to business.apple.com and download your VPP Token.
  2. Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
  3. Click Company admin or Manage > Company admin.


  4. Click Connected apps in the sidebar at left and select MDM enrollment.


  5. In the VPP Token section under iOS MDM enrollment, click Upload Token.


  6. Enter the Apple ID used for Apple Business Manager and upload the downloaded VPP Token. Click Done.
  7. The MDM enrollment modal will update and reflect the new connected status.


Step 5: Add Venn’s MDM Discovery File to Your Web Server

Apple requires that BYOD MDM solutions leverage Account-driven User Enrollment, meaning that the user must enroll by signing in on their device. For this to work, the device needs to confirm that your company’s domain is linked to a trusted MDM provider.

To enable users’ devices to recognize and trust your MDM solution during enrollment, you must upload a JSON file from Venn to the web server(s) that host your domain(s). For example, if your users' email addresses are @example.com, the file needs to go on the web server for example.com.

  1. On your web server, create a folder named .well-known in the root of your website.
    • For example, if your domain is example.com, the URL to access the folder should be https://example.com/.well-known/.
  2. Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
  3. Click Company admin or Manage > Company admin.


  4. Click Connected apps in the sidebar at left and select MDM enrollment.


  5. In the MDM discovery file section under iOS MDM enrollment, click Download file.


  6. Remove the .json extension from the downloaded filename so that it is called com.apple.remotemanagement.
    • The extension for the renamed file should be .remotemanagement (not .json).
  7. Place the file into the .well-known folder that you created in the root of your website.
    • For example, if your domain is example.com, the URL to access the file should be https://example.com/.well-known/com.apple.remotemanagement.
  8. Configure your server to recognize .remotemanagement files as JSON data by assigning them the MIME type application/json.
  9. Set the file permissions to ensure it is publicly readable. Typically, use 644, which allows the owner to write and everyone to read the file.

Once you have uploaded the file, we recommend that you verify that the file is accessible from the internet before users begin enrolling their devices.

  1. Add the domain(s) where you placed the JSON file under step 4 in the MDM discovery file section under iOS MDM enrollment.
  2. Click Test file accessibility.
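
The requirements from steps 6 through 9 can also be checked by hand before users enroll. The Python script below is an added example, not Venn's or Apple's tooling; it checks the file name, permissions, MIME type, and JSON validity described above. The web root path and the sample file content are constructed assumptions.

```python
import json, os, stat, tempfile
import urllib.error, urllib.request

NAME = "com.apple.remotemanagement"  # file name after step 6 (no .json)

def check_local(webroot):
    """Return problems with <webroot>/.well-known/<NAME>; empty list means OK."""
    path = os.path.join(webroot, ".well-known", NAME)
    problems = []
    if os.path.exists(path + ".json"):
        problems.append("file still has the .json extension")
    if not os.path.isfile(path):
        return problems + ["missing " + path]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # 644 = owner writes, everyone reads. Enrolling devices rely on this file,
    # so it must be world-readable but not writable by group or others.
    if not mode & 0o004:
        problems.append("not publicly readable (mode %o)" % mode)
    if mode & 0o022:
        problems.append("writable by group/others (mode %o)" % mode)
    try:
        with open(path, "rb") as f:
            json.loads(f.read())
    except ValueError:
        problems.append("content is not valid JSON")
    return problems

def check_response(status, content_type, body):
    """Judge one HTTP response for the discovery URL (step 8: application/json)."""
    problems = []
    if status != 200:
        problems.append("HTTP status %d" % status)
    if content_type.split(";")[0].strip().lower() != "application/json":
        problems.append("Content-Type is %r, expected application/json" % content_type)
    try:
        json.loads(body)
    except ValueError:
        problems.append("body is not valid JSON")
    return problems

def check_remote(domain):
    """Fetch the file over HTTPS (needs network access) and judge the response."""
    url = "https://%s/.well-known/%s" % (domain, NAME)
    try:
        with urllib.request.urlopen(url, timeout=10) as r:
            return check_response(r.status, r.headers.get("Content-Type", ""), r.read())
    except urllib.error.HTTPError as e:
        return ["HTTP status %d" % e.code]
```

Run check_local against the web root on the server, and check_remote with your email domain from a machine outside your network; an empty list from both means the file meets the requirements listed in this step.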

