Link To A Third-party MDM Server In Apple School Manager

Trang chủ » Khoá Mdm » Link To A Third-party MDM Server In Apple School Manager

Có thể bạn quan tâm

Apple School Manager User Guide Open Menu Close Menu
  • Communities
Search this guide Clear Search Table of Contents
  • Welcome
  • Overview
    • Intro to Apple School Manager
    • Program requirements
    • Sign up
    • Participate in beta features
  • Get support and provide feedback
    • Get support
    • Provide feedback
  • Set up your organization
    • Edit preferences
    • Configure locations
  • Manage domains
    • Add and verify a domain
    • Manage verified domains
    • Lock a domain
    • Show unmanaged accounts using your domain
    • Capture a domain
    • About account transfers
  • Use Managed Apple Accounts
    • Use Managed Apple Accounts
    • Edit Managed Apple Accounts
    • Customize user access to certain apps and services
    • Use Sign in with Apple
  • Integrate identity providers
    • Use federated authentication
      • Intro to federated authentication
      • Use federated authentication with Google Workspace
      • Use federated authentication with Microsoft Entra ID
      • Use federated authentication with your identity provider
      • Change a user’s domain information
      • Transfer Apple services when federating
      • Disconnect federation from a domain
    • Sync user directories
      • Sync user accounts from Google Workspace
      • Sync user accounts from Microsoft Entra ID
      • Sync user accounts from your identity provider
    • Resolve user account sync conflicts
      • Resolve Google Workspace sync conflicts
      • Resolve Microsoft Entra ID OIDC sync conflicts
      • Resolve identity provider OIDC or SCIM sync conflicts
    • Integrate with your SIS
    • Use SFTP to upload SIS data
      • Upload Student Information System data
      • Best practices for merging data
      • Template information for importing data
      • Use Apple .csv templates
        • Apple Students template
        • Apple Staff template
        • Apple Courses template
        • Apple Classes template
        • Apple Rosters template
        • Apple Locations template
      • Use OneRoster .csv templates
        • OneRoster Users template
        • OneRoster Courses template
        • OneRoster Classes template
        • OneRoster Enrollments template
        • OneRoster Orgs template
  • Manage users
    • Work with users and passwords
      • Intro to users
      • Manually add users
      • Manage existing users
      • Inspect a user account
      • Set password policies
      • Create or reset user passwords
    • Assign roles and privileges
      • Intro to roles and privileges
      • View and assign roles
      • Add Content Managers to locations
    • Verification codes and phone numbers
      • Send verification codes
      • Add or reset verification phone numbers
  • Buy content
    • Intro to buying content
    • Review content payment and billing information
    • Select and buy content
    • Learn about Custom Apps
    • Transfer licenses
    • Manage content tokens
    • Migrate content tokens
    • Invite VPP purchasers
    • Plan for migration to Apps and Books
  • Manage devices
    • Device workflow
    • Add devices to your organization
      • Manage device suppliers
      • View device information
      • Get device order progress reports
      • Add devices from Apple Configurator
      • Manage MDM servers
        • Intro to MDM servers
        • Link to a third-party MDM server
        • Edit a third-party MDM server configuration
        • Delete a third-party MDM server
    • MDM server assignments
      • Review device assignments
      • Assign, reassign, or unassign devices
      • Assign a device that was serviced or replaced
    • Turn off Activation Lock
    • Release devices
  • Use Shared iPad
    • Create Shared iPad passcodes
    • Sign in to Shared iPad
    • Use Shared iPad with Managed Apple Accounts
    • Sign federated users out of devices
  • Work with Classroom and Schoolwork
    • Manually create a class
    • User accounts and Schoolwork
      • Manage student progress
      • Manage user requests
      • Improve Schoolwork
  • Searching and activity notifications
    • How to search
    • View activity
  • Appendixes
    • Read log files
    • Keyboard shortcuts
  • Document revision history
  • Copyright

In Apple School Manager you must link to at least one third-party mobile device management (MDM) server before you can begin assigning devices.

Before you create a third-party MDM server, review the certificate, security, and naming information below.

  • MDM server security: Every third-party MDM server you create must be known to Apple and must be securely authorized using a two-step verification process. The verification process involves creating and installing a server token on your MDM server. The certificate encrypts the token. For information about how to transfer the token, see your MDM vendor’s documentation.

  • MDM server names: When you name each third-party MDM server, you don’t need to use the fully qualified domain name. For example, you can choose a name based on a specific building, location, room, or job function (but you can’t use the same name for multiple servers). You also can’t name your MDM servers Unassigned or Reassigned.

  • MDM server certificates: Before you add a third-party MDM server, get the public key certificate file (ending in .pem or .der) from your MDM vendor for each server you want to add. See the MDM vendor’s documentation for information about getting the server’s public key certificate.

A user with the proper privileges must replace the active token on a third-party MDM server in these situations:

  • When a new public key is created or if a new token is generated

  • When the user who downloaded the server token changes their Managed Apple Account password

  • As a security measure, when the user who downloaded the original token leaves your organization

Important: Third-party server tokens expire after 1 year and must be replaced. Depending on the MDM vendor, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple School Manager, generate and download a new token for the MDM server and transfer that token to the MDM server for immediate installation. See your MDM vendor’s documentation for information about how to transfer the token.

Link to a third-party MDM server

  1. In Apple School Manager , sign in with a user that has the role of Administrator, Site Manager, or Device Enrollment Manager.

  2. Select your name at the bottom of the sidebar, select Preferences , then select MDM Server Assignment .

  3. Select the Add button , then enter a unique name for the server.

    If you don’t want this MDM server to have the ability to release devices, see Release devices.

  4. Upload the public key certificate file, then select Save.

  5. Select the Download button , then select Download Token.

  6. Next, upload the token to a specific MDM solution. Consult your MDM vendor’s documentation to complete this step.

  7. Repeat steps 3 through 6 for any other MDM servers you want to link to.

See alsoDelete a third-party MDM server in Apple School ManagerAssign, reassign, or unassign devices in Apple School ManagerApple Platform Deployment Helpful? Yes No Character limit: 250 Please don’t include any personal information in your comment. Maximum character limit is 250. Submit Thanks for your feedback. Previous Intro to MDM servers Next Edit a third-party MDM server configuration

Từ khóa » Khoá Mdm