You must enroll in the Apple Deployment Program to take advantage of the Apple Device Enrollment Program (DEP) for IOS device enrollment and management in XenMobile. For information about signing up for an Apple Deployment Program account, see this PDF from Apple.
The Apple Deployment Program is available for organizations and not individuals. A considerable amount of corporate details and information need to be provided to create an Apple Deployment Program account, which means it could take some time to request and receive approval for accounts.
When applying for an Apple Deployment Program account, the best practice is to use an email address that is tied to the organization, such as email@example.com.
1. After you enter your organization information, you should receive a temporary password for the new Apple ID through email.
2. You then sign in with the Apple ID and complete the security settings for the account.
3. Configure and enable two-step verification, which is required for use with the DEP Portal. During these steps, you add a phone number where you will receive the 4-digit PIN for the two-step verification.
4. Log in to the DEP Portal to complete the account configuration using the two-step verification that you just set up.
5. Add your company details and then select from where you purchase devices. For details on purchasing options, see the next section, Ordering DEP-enabled devices.
6. Add the Apple Customer Number or the DEP Reseller ID and then verify your enrollment details and wait for Apple to approve your account.
7. After you receive your logon credentials from Apple, log into the Apple DEP Portal. Then, follow the steps in the next section to connect your account with XenMobile.
Follow the steps in this section to connect your Apple DEP account with your XenMobile server deployment.
1. On the left-hand side of the Apple DEP Portal, click Device Enrollment Program.
2. Click Manage Servers and then on the right-hand side, click Add MDM Server.
3. In Add MDM Server, enter a name for your XenMobile server and then click Next.
4. Upload a public key from your XenMobile server. To generate the key from XenMobile, do the following:
a. Log on to the XenMobile console, click the gear icon in the upper-right corner. The Settings page appears.
b. Under Platforms, click Apple Device Enrollment Program (DEP).
b. On the Apple Device Enrollment Program (DEP) page, click Download. The public key is downloaded.
5. On the Apple DEP Portal, click Choose file, select the public key you just downloaded and then click Next.
6. Click Your Server Token to generate a server token, which is downloaded from the browser, and then click Done.
7. On the XenMobile console Apple Device Enrollment Program (Page) page, under Add DEP Account, click Add, and then upload the token file you downloaded in the preceding step.
Your Apple DEP token information appears in the XenMobile console after you import the token file.
8. On the Apple Device Enrollment (DEP) page, mark the check box for the newly added token, and click Test Connectivity to verify the Apple DEP connection with XenMobile.
9. On the iOS Bulk Enrollment page, complete the additional settings, select the Apple DEP controls and policies you want to implement for your Apple DEP devices and then click Save.
The XenMobile server appears in the Apple DEP Portal.
You can order DEP-enabled devices directly from Apple or DEP-enabled authorized resellers or carriers. To order from Apple, you need to provide your Apple Customer ID within the Apple DEP Portal to enable Apple to associate your device purchased with your Apple DEP account.
To order from your reseller or carrier, contact your Apple reseller or carrier to check if they participate in the Apple DEP. Ask for the resellers' Apple DEP ID when purchasing devices. You will need this information to add your Apple DEP reseller to your Apple DEP account. You will receive a DEP customer ID after adding the resellers' Apple DEP ID, when approved. Provide the DEP customer ID to the reseller, who will use the ID to submit information about your device purchases to Apple. For more information, see this Apple website.
Follow these steps to associate devices with your XenMobile server within your Apple DEP account through the DEP Portal.
1. Log on to the Apple DEP Portal.
2. Click Device Enrollment Program, click Manage Devices and then in Choose Devices By, select the option for which you want to upload and define your Apple DEP-enabled devices - Serial Number, Order Number, or Upload CSV File.
3. Under Choose Action, to assign your devices to a XenMobile server, click Assign to Server and then in the list, click the name of your XenMobile server and then click OK.
Your Apple DEP devices are now associated with the selected XenMobile server.
When users enroll an Apple DEP-enabled device, their experience is as follows.
1. Users start their Apple DEP-enabled device.
2. Users the configuration wizard to configure the initial settings on their iOS device.
3. The device automatically starts the XenMobile device enrollment process. Users follow the wizard to enroll the device into the XenMobile server associated with the Apple DEP-enabled device.
The Apple DEP enrollment process starts automatically as part of the initial IOS configuration flow for Apple DEP enabled devices.
4. The Apple DEP configuration that you configured in the XenMobile console is delivered to the Apple DEP-enabled device. Users follow the wizard to configure the device.
5. Users may be prompted to sign into iTunes so that Secure Hub can be downloaded.
6. Users open Secure Hub and enter their credentials. If required by the policy, users may be prompted to create and verify a Citrix PIN.
The remainder of the required apps are pushed down to the device.