
Link to an external device management service in Apple Business
In Apple Business, you can link to an external device management service, the built-in device management service or both.
Before you link to an external device management service, review the security, certificate and naming information below:
Security: Every external device management service that you create needs to be known to Apple and requires secure authorisation using a two-step verification process. The verification process involves creating and installing a device management service token on your device management service. The certificate encrypts the token. For information about how to transfer the token, see your device management service’s documentation.
Certificates: Before you add an external device management service, get the public key certificate file (ending in .pem or .der) from your device management service developer for each service you want to add. See your device management service’s documentation for information about getting the service’s public key certificate.
Note: You can’t upload more than 250 public key certificate files.
Names: When you name each external device management service, you do not need to use the fully qualified domain name. For example, you can choose a name based on a specific building, location, room or job function (but you can’t use the same name for multiple services). You also can’t name your services Unassigned or Reassigned.
A user with the proper privileges needs to replace the active token on an external device management service in these situations:
When creating a new public key or generating a new token
When the user who downloaded the token changes their Managed Apple Account password
As a security measure, when the user who downloaded the original token leaves your organization
Important: External service tokens expire after one year and require replacement. Depending on the device management service, you may or may not get a warning that a token is going to expire. Well before a token is about to expire, sign in to Apple Business, generate and download a new token for the device management service and transfer that token to the service for immediate installation. See your device management service’s documentation for information about how to transfer the token.
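Because a device management service may not warn before a token expires, it helps to track token downloads yourself. The following is an added example, not part of Apple's documentation or any device management service's own code. It flags tokens that are expired or close to expiry, and tokens whose downloader has left the organization or changed their Managed Apple Account password. The record fields, account lists, sample data, the 60-day warning window and the modelling of one year as 365 days are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

TOKEN_LIFETIME = timedelta(days=365)  # "one year", modelled as 365 days (assumption)


@dataclass(frozen=True)
class TokenRecord:
    service: str        # name given to the service in Apple Business
    downloaded_by: str  # Managed Apple Account that downloaded the token
    downloaded_on: date


def audit_tokens(records, today, active_accounts, password_changed_on, warn_days=60):
    """Return {service name: [reasons]} for every token that should be replaced."""
    findings = {}
    for rec in records:
        reasons = []
        expires_on = rec.downloaded_on + TOKEN_LIFETIME
        days_left = (expires_on - today).days
        if days_left < 0:
            reasons.append(f"expired {expires_on.isoformat()}")
        elif days_left <= warn_days:
            reasons.append(f"expires in {days_left} days")
        # Account-related replacement triggers listed on the page.
        if rec.downloaded_by not in active_accounts:
            reasons.append("downloader left organization")
        changed = password_changed_on.get(rec.downloaded_by)
        if changed is not None and changed > rec.downloaded_on:
            reasons.append("downloader changed password")
        if reasons:
            findings[rec.service] = reasons
    return findings


# Constructed sample inventory (not real services or accounts).
SAMPLE = [
    TokenRecord("HQ Building 1", "alice@example.com", date(2024, 1, 10)),
    TokenRecord("Warehouse", "bob@example.com", date(2024, 11, 1)),
    TokenRecord("Lab", "carol@example.com", date(2024, 9, 15)),
]
ACTIVE = {"alice@example.com", "carol@example.com"}  # bob has left
PASSWORD_CHANGES = {"carol@example.com": date(2024, 10, 2)}

if __name__ == "__main__":
    for name, why in audit_tokens(SAMPLE, date(2024, 12, 1), ACTIVE, PASSWORD_CHANGES).items():
        print(f"{name}: {'; '.join(why)}")
```
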
Link to an external device management service
1. In Apple Business, sign in with a user whose role has permissions to view, add and delete device management services.
   To view roles and permissions, see Intro to roles and permissions.
2. In your browser, choose Devices > Management Services.
3. If this is the first time you’re setting up a device management service (including the built-in service), select Get Started. If you already have a service set up, select Connect external device management, then select Continue.
4. Enter a unique name for the service.
5. Don’t select the checkbox next to Release Devices unless you want this device management service to have that ability. See Release devices.
6. Upload the public key certificate file, then select Next.
7. Select Download Service Token.
8. Select Done.
9. Upload the token to a specific service. Consult your device management service’s documentation to complete this step.
10. Repeat steps 2 to 8 for any other device management services you want to link to.
To replace the token, see Download a content token.