Setting up iOS MDM Enrollment

With Venn’s Mobile Device Management (MDM) software for iOS, you can provision App Store applications with additional security controls, provide SSO access to key apps and websites, and enforce device security compliance on personally owned mobile devices.

In order to set up Venn’s iOS MDM solution for your organization, you need to complete the following steps:

  1. Set Up iOS Push Certificate Configuration
  2. Upload Your Organization’s VPP Token
  3. Add Venn’s MDM Discovery File to Your Web Server

After you have completed these steps, users will be able to enroll in Venn’s MDM software on their Apple device.

Step 1: Set Up iOS Push Certificate Configuration

You must set up iOS push certificate configuration in Venn so that you can push policies, updates, and actions to your managed iOS devices.

  1. Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
  2. Click Company admin or Manage > Company admin.

    Updated_CM.png

  3. Click Connected apps in the sidebar at left and select MDM enrollment.

    Company Admin_Connected Apps_MDM Enrollment.png

  4. In the iOS push certification configuration section under iOS MDM enrollment, click Download certificate. This will download a CSR (Certificate Signing Request) file.

    CSR.png

  5. In a new browser tab, navigate to https://identity.apple.com/pushcert/ and sign in with an Apple ID. Follow the guided instructions to upload the CSR to generate a push certificate.
  6. Download the push certificate from Apple.
  7. Return to Venn and click Upload MDM Push certificate.

    MDM_Push.png

  8. Enter the Apple ID used to generate the push certificate and upload the downloaded push certificate from Apple. Click Done.
  9. The MDM enrollment modal will update and reflect the new connected status.

    Push_Complete.png

Step 2: Upload Your Organization's VPP Token

You must upload your organization’s VPP token to Venn in order to synchronize your Apple Business Manager account with Venn so that you can manage and retain ownership and control of purchased work apps on your managed iOS devices.

Your organization must be enrolled with Apple Business Manager in order to download your VPP Token. Learn how to sign up for Apple Business Manager.
  1. Navigate to business.apple.com and download your VPP Token.
  2. Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
  3. Click Company admin or Manage > Company admin.

    Updated_CM.png

  4. Click Connected apps in the sidebar at left and select MDM enrollment.

    Company Admin_Connected Apps_MDM Enrollment.png

  5. In the VPP Token section under iOS MDM enrollment, click Upload Token.

    VPP_Setup.png

  6. Enter the Apple ID used for Apple Business Manager and upload the downloaded VPP Token.  Click Done.
  7. The MDM enrollment modal will update and reflect the new connected status.

    VPP.png

Step 3: Add Venn’s MDM Discovery File to Your Web Server

In order to enable users’ devices to locate the MDM server when they are enrolling their Apple device, you must download a JSON file from our portal and place it on the web server(s) that host your domain(s).

  1. On your web server, create a a file in named /.well-known/ in the root of your website's document directory.
    • For example, if your domain is example.com, create the directory at https://example.com/.well-known/
  2. Navigate to login.venn.com and Sign In with valid credentials. You may be required to verify the sign-in by completing the multifactor authentication on your mobile device.
  3. Click Company admin or Manage > Company admin.

    Updated_CM.png

  4. Click Connected apps in the sidebar at left and select MDM enrollment.

    Company Admin_Connected Apps_MDM Enrollment.png

  5. In the MDM discovery file section under iOS MDM enrollment, click Download file.

    Company Admin_Connected Apps_MDM Enrollment_MDM Discovery File_Download.png

  6. Place the JSON file into the .well-known/com.apple.remotemanagement directory.  The filename should match exactly the above syntax, the extension for this file is ".remotemanagement" (not .json).
  7. Depending on your web server, you may also need to add a mime type for the ".remotemanagement" extension with type application/json
  8. Ensure the file has the correct permissions so it is publicly readable. Typically, you will want to set the file permissions to 644, meaning that it is readable by everyone, and writable by the owner.
  9. You should now be able to access this file from any browser using the following URL https://example.com/.well-known/com.apple.remotemanagement 

Once you have uploaded the file, we recommend that you verify that the file is accessible from the internet before users begin enrolling their devices.

  1.  Add the domain(s) where you placed the JSON file under step 4 in the MDM discovery file section under iOS MDM enrollment.
  2. Click Test file accessibility.

    Company Admin_Connected Apps_MDM Enrollment_MDM Discovery File_Test.png

Was this article helpful?