Product Documentation

Deploying iOS Devices Through Apple DEP

Nov 10, 2015

You need an Apple Developer Enterprise Program (DEP) account to be able to take advantage of the Apple DEP for IOS device enrollment and management in XenMobile. The main requirements for organizations to sign up for the Apple DEP are as follows.

  • Business or institution phone number and email address
  • Verification contact
  • Business or institution information (D-U-N-S / tax ID)
  • Apple Customer number

For more information about Apple DEP details, see this PDF from Apple. It is important to highlight that Apple DEP is available for organizations and not individuals. It is also important to be aware that a fair amount of corporate details and information needs to be provided to create an Apple DEP account, which means it could take time for customers to request and receive approval for their accounts.

Applying for the Apple DEP account

When applying for a DEP account, the best practice is to use an email address that is tied to the organization, such as dep@company.com.  

localized image

1. After you enter your organization information, you should receive a temporary password for the new Apple ID through email. 

localized image

2. You then sign in with the Apple ID and complete the security settings for the account.

localized image

3. Configure and enable two-step verification, which is required for use with the DEP Portal. During these steps, you add a phone number where you will receive the 4-digit PIN for the two-step verification.

localized image

4. Log in to the DEP Portal to complete the account configuration using the two-step verification that you just set up.

localized image

5. Add your company details and then select from where you purchase devices. For details on purchasing options, see the next section, Ordering DEP-enabled devices.

localized image

6. Add the Apple Customer Number or the DEP Reseller ID and then verify your enrollment details and wait for Apple to approve your account.

localized image
localized image

7. After you receive your logon credentials from Apple, log into the Apple DEP Portal. Then, follow the steps in the next section to connect your account with XenMobile.

localized image

Integrating your Apple DEP account with XenMobile

Follow the steps in this section to connect your Apple DEP account with your XenMobile server deployment.

1. On the left-hand side of the Apple DEP Portal, click Device Enrollment Program.

localized image

2. Click Manage Servers and then on the right-hand side, click Add MDM Server.  

localized image

3. In Add MDM Server, enter a name for your XenMobile server and then click Next.

localized image

4. Upload a public key from your XenMobile server. To generate the key from XenMobile, do the following:

     a. Log on to the XenMobile console, click Configure, click Settings and then under More, click iOS Bulk Enrollment.

localized image

b. On the iOS Bulk Enrollment page, click Export Public Key. The public key is downloaded.

localized image

5. On the Apple DEP Portal, click Choose file, select the public key you just downloaded and then click Next.  

localized image

6. Click Your Server Token to generate a server token, which is downloaded from the browser, and then click Done.

localized image

7. On the XenMobile console iOS Bulk Enrollment page, click Import Token File and then upload the token file you downloaded in the preceding step.  

localized image
localized image

Your Apple DEP token information appears in the XenMobile console after you import the token file.

8. Click Test Connection to verify the Apple DEP connection with XenMobile.

localized image

9. On the iOS Bulk Enrollment page, complete the additional settings, select the Apple DEP controls and policies you want to implement for your Apple DEP devices and then click Save.

The XenMobile server appears in the Apple DEP Portal.

localized image

Ordering DEP-enabled devices

You can order DEP-enabled devices directly from Apple or DEP-enabled authorized resellers or carriers. To order from Apple, you need to provide your Apple Customer ID within the Apple DEP Portal to enable Apple to associate your device purchased with your Apple DEP account.

To order from your reseller or carrier, contact your Apple reseller or carrier to check if they participate in the Apple DEP. Ask for the resellers' Apple DEP ID when purchasing devices. You will need this information to add your Apple DEP reseller to your Apple DEP account. You will receive a DEP customer ID after adding the resellers' Apple DEP ID, when approved. Provide the DEP customer ID to the reseller, who will use the ID to submit information about your device purchases to Apple.  For more information, see this Apple website.

Managing DEP-enabled devices

Follow these steps to associate devices with your XenMobile server within your Apple DEP account through the DEP Portal.

1. Log on to the Apple DEP Portal.

2. Click Device Enrollment Program, click Manage Devices and then in Choose Devices By, select the option for which you want to upload and define your Apple DEP-enabled devices - Serial Number, Order Number, or Upload CSV File.

localized image

3. Under Choose Action, to assign your devices to a XenMobile server, click Assign to Server and then in the list, click the name of your XenMobile server and then click OK.

localized image

Your Apple DEP devices are now associated with the selected XenMobile server. 

localized image

User experience enrolling an Apple DEP-enabled device

When users enroll an Apple DEP-enabled device, their experience is as follows.

1. Users start their Apple DEP-enabled device.

2. Users the configuration wizard to configure the initial settings on their iOS device.  

3. The device automatically starts the XenMobile device enrollment process. Users follow the wizard to enroll the device into the XenMobile server associated with the Apple DEP-enabled device. 

The Apple DEP enrollment process starts automatically as part of the initial IOS configuration flow for Apple DEP enabled devices.

localized image

4. The Apple DEP configuration that you configured in the XenMobile console is delivered to the Apple DEP-enabled device. Users follow the wizard to configure the device.

localized image

5. Users may be prompted to sign into iTunes so that Worx Home can be downloaded.

localized image

6. Users open Worx Home and enter their credentials.  If required by the policy, users may be prompted to create and verify a Worx PIN.

The remainder of the required apps are pushed down to the device.