Creating an iOS Device Policy
Before you begin
Important: If you wish to enroll an iOS device using a third-party certificate, bind a trusted third-party certificate to Deployment Server
Extensions and Web Console and iOS Profile
Signing in the SOTI MobiControl
Administration Utility and turn off the Require Trust Profile
During Enrollment setting.
About this task
Use this procedure to create an Apple iOS Enrollment Policy.
Procedure
- From the main menu, select Enrollment Policies view is displayed. . The
-
Click New Enrollment Policy. The Enrollment Policy wizard launches.
- Below the Apple icon, select the iOS platform. The General view is displayed.
- On the General view, enter a name and description for the policy. Make the name brief but descriptive, especially if you plan to create multiple enrollment policies. Click Next.
-
On the Device Type view, choose an enrollment
type:
- Device : Use where you will have full control over the device.
- User : Use in BYOD environments. Only supported on devices running iOS 13.1 or later.
See iOS Enrollment Types for more information. - Optional:
For User enrollment only: Select the type of Managed Apple IDs that will
be authorized to enroll using this policy.
Federated Account Select to use a Microsoft Azure AD connection to authorize Managed Apple IDs. Local Accounts Select to add local Managed Apple ID accounts. You can add up to 1,000 accounts. Accounts must conform to a valid email address format, such as user@domain or user@domain.topleveldomain Tip: Click Import to upload a .csv of Managed Apple IDs. The .csv should be a list of Managed Apple IDs, with no header. -
Click Next.
On the Groups view, choose if authentication is required
for enrollment. No authentication means that devices are enrolled without user
verification. If authentication is required, select one of the following
options:
Password Type a single password for use across all devices that enroll with this policy. Once the password is set, select a device group destination. Directory Click to add directory groups. Choose a directory service from the dropdown and use the Search Groups field to find a group. You can add a new directory service connection by clicking Manage Services. From the dropdown menu, choose Directory, Identity Provider, or SOTI Identity. See Identity Management for more information. Once the directory group is added, select a device group destination and applicable terms and conditions. Important: Multiple directory groups can be added to the enrollment policy; however, the authenticated device will be assigned to the first listed directory group of which the user is a member. Use the up/down arrow buttons to arrange the list in an appropriate order. - ClickNext. The Auto Enroll view is displayed.
- Optional:
Click Enable Automated Device Enrollment to configure
device settings for future device enrollments. Set the following:
- Under Select an Automated Device Enrollment
account, select the account to perform Automated Device
Enrollment.Note: To add a new Automated Device Enrollment account, click Manage Accounts and follow the steps in Creating ADE Accounts.
- Scroll down to select from the available settings.
- Under Select an Automated Device Enrollment
account, select the account to perform Automated Device
Enrollment.
- Click Next. The Settings view is displayed.
- Select from the available settings then click Finish.
-
The new enrollment policy is created, and the Enrollment Policy
Info page is displayed. This page lists policy details and
device enrollment options:
- Click . Click Manage Emails to email the enrollment URL to a recipient.
- Click IOS Agent Enrollment ID to to reveal and copy the ID.
- Click Enrollment URL to view or copy the enrollment URL directly.
- Click OK to complete the process.