Creating and Assigning Profiles to iOS Devices
You can configure the device startup settings of the Corporate Owned, Personally Enabled (COPE) iOS devices also known as Device Enrollment Program (DEP) devices, to skip configurations or include additional configurations. This is done by creating profiles in WSO2 IoT Server and assigning it to the devices.
Before you begin!
Follow the steps given below:
If you have not already started WSO2 IoT Server, start WSO2 IoT Server's core profile.
cd <IOTS_HOME>/bin ./iot-server.sh
Sign in to the device management console using a username and password that has administrator privileges. The default administrator password is
admin
and the default administrator password isadmin
.- Click > CONFIGURATION MANAGEMENT > DEP CONFIGURATIONS > Add Profile.
The profile form is displayed. Configure the profile settings:
Enter profile name Provide a name for your profile. Enter profile URL Enter the URL to access the WSO2 IoT Server's EMM server.
The URL needs to be in the following format:https://<IOTS_HOST>:8243/api/ios/v1.0/profile-dep/
. If you port offset WSO2 IoT Server's core profile, make sure to offset the port defined here too. In a setup where hostnames are used, please replace the <IOTS_HOST>:8243 with the gateway hostname.Is supervised If selected, the device is set to the Supervised mode. The supervised devices are also referred to as DEP enabled device. The EMM administrators are able to carry out operations on the device as they are owned by the organization.
Important: Without this tick, DEP related policies will not work.Is MDM removable If selected, the device user is unable to unregister the device from the WSO2 IoT Server's EMM solution. Is mandatory If selected, the device users need to complete enrolling their devices with WSO2 IoT Server during the setup, and cannot skip the step.
Important: It is highly adviced to keep this unchecked during testing to avoid getting locked out due to a misconfiguration. When moving to a production environment, this can be checked after testing.Department Enter the department the device belongs to. This value is displayed when the device is starting up. Support phone number Enter the support number. This is provided during the setup if device users require help or run into issues. Support email address Enter the support email address. This is provided during the setup if device users require help or run into issues. Anchor certs Production environment: You don't need to enter any value here because WSO2 IoT Server has a valid SSL certificate in a production environment.
Testing/Development environment: If the testing environment does not have a valid SSL certificate, follow the steps given to get the values you need to enter:
- Navigate to the
<IOTS_HOME>/ios-configurator/output
directory via the terminal.
This directory is available only if you configured WSO2 IoT Server with the iOS features. Run the command given below to convert the SSL certificate you had already generated when configuring iOS features to the
.pem
format.openssl x509 -in ia.crt -out ia_cert.pem
As per the Apple specifications, encode the
ca_cert.pem
file you generated when configuring the iOS features.openssl x509 -in ca_cert.pem -outform DER|base64
As per the Apple specifications, encode the
ia_cert.pem
file you generated above.openssl x509 -in ia_cert.pem -outform DER|base64
Enter the values you got in step c and step d as comma separated values:
Format:<STEP_C_VALUES>, <STEP_D_VALUE>
- Navigate to the
Skip setup items If Skip setup items is selected, the device automatically skips through all the pages that appear at the time of setting up an iOS device.
- If only specific items are selected, the device skips the selected pages at the time of setting up the iOS device.
For example, if you select passcode and Siri, you don't have to enter a passcode or set up Siri at the time of setting up the iOS device for the first time.
- Click Add to add the configured profile.
- Navigate to the Device list page.
- Click Sync if you haven't done before to get the list of devices that are enrolled as DEP devices from the DEP portal.
- Assign a profile to a device. The settings in the profile are used when starting up the device for the first time.
What's next?
Now, you can enroll your DEP devices with WSO2 IoT Server's EMM solution. All your employees need to do is start up the device.