Link to a third-party device management service in Apple Business Manager
In Apple Business Manager you need to link to at least one third-party device management service before you can begin assigning devices to it.
Before you link to a third-party device management service, review the certificate, security, and naming information below:
Security: Every third-party device management service you create needs to be known to Apple and requires secure authorization using a two-step verification process. The verification process involves creating and installing a device management service token on your device management service. The certificate encrypts the token. For information about how to transfer the token, see your device management service’s documentation.
Names: When you name each third-party device management service, you don’t need to use the fully qualified domain name. For example, you can choose a name based on a specific building, location, room, or job function (but you can’t use the same name for multiple services). You also can’t name your services “Unassigned” or “Reassigned.”
Certificates: Before you add a third-party device management service, get the public key certificate file (ending in .pem or .der) from your device management service developer for each service you want to add. See your device management service’s documentation for information about getting the service’s public key certificate.
A user with the proper privileges needs to replace the active token on a third-party device management service in these situations:
When creating a new public key or generating a new token
When the user who downloaded the token changes their Managed Apple Account password
As a security measure, when the user who downloaded the original token leaves your organization
Important: Third-party service tokens expire after 1 year and require replacement. Depending on the device management service, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple Business Manager, generate and download a new token for the device management service, and transfer that token to the service for immediate installation. See your device management service’s documentation for information about how to transfer the token.
Link to a third-party device management service
In Apple Business Manager
, sign in with a user who has the role of Administrator or Device Enrollment Manager.Select your name at the bottom of the sidebar, select Preferences
, then select Device Management Service Assignment 
.Select the Add button
, then enter a unique name for the service.If you don’t want this device management service to have the ability to release devices, see Release devices.
Upload the public key certificate file, then select Save.
Select the Download button
, then select Download Device Management Service Token.Next, upload the token to a specific service. Consult your device management service’s documentation to complete this step.
Repeat steps 3 through 6 for any other device management services you want to link to.