Contents x
    Enrolling iOS devices with Managed Apple Id using Sign in to Work or School
    • 17 Apr 2024
    • 3 Minutes to read
    • Print
    • PDF
    Contents

    Enrolling iOS devices with Managed Apple Id using Sign in to Work or School

    • Updated on 17 Apr 2024
    • 3 Minutes to read
    • Print
    • PDF
    Article Summary

    With managed Apple IDs users can also enroll their iOS devices using Sign in to Work or School option in Settings making the enrollment procedure extremely simple. With this approach, IT admins can use Scalefusion to manage employee/personal-owned devices and drive BYOD strategy on iOS devices creating a separate container on the devices segregating work and personal data.

    This document covers the configurations required to enable Apple User Enrollment on iOS devices with Sign in to Work or School account. 

    Pre-requisites

    1. You should have a managed Apple ID. These are the Ids provided by Apple when you have a Business Manager or School Manager account. 
    2. The managed apple ID should be imported on the Scalefusion Dashboard under User Enrollment
    3. Minimum Supported OS: iOS 15 onwards 
    4. Apple User Enrollment Profile is created
    5. Users should be assigned a User Group with Apple User Enrollment Profile.
    6. Your domain name should be verified in Apple Business Manager or Apple School Manager

    To enroll devices with this method, following are the steps:

    Step 1: Configure Apple User Enrollment Settings

    APNS should be configured on Dashboard before configuring these settings


    1. On Scalefusion Dashboard, navigate to Getting Started > Apple Setup > Apple User Enrollment
    2. There are two tabs under Apple User Enrollment Settings, viz.
      1. Enrollment Settings: Allows you to configure basic enrollment settings. They are:
        1. Show Terms of Use during Enrollment: If enabled, Users will be shown the Terms of Use configured in Organization Info before they enroll the devices.
        2. Force Sign In again After: Users will be asked to sign in to Work or school again after the configured time. Select time from the drop-down:
          1. Never
          2. 8 hours
          3. 12 hours 
          4. 24 hours 
          5. 36 hours 
          6. 48 hours 
          7. 72 hours
      2. After configuring, click Save
      3. Domain Configuration: Next step is to download the JSON file and host it in the domain that you have verified. To do so, 
        1. Under Domain Configuration, click on the button Download JSON. This downloads the json file on your system.
           
        2. Please rename the downloaded file to com.apple.remotemanagement
        3. Now host it on your domain. For example, if your domain name is 'onplex.com', then download the JSON file and host it at https://*onplex*/.well-known/com.apple.remotemanagement

    Step 2: Enrolling iOS device

    After configuring Apple User Enrollment settings, follow these steps on your iOS device to enroll it with Scalefusion:

    1. Navigate to Settings app on the device and go to VPN & Device Management

    2. Click on Sign in to Work or School account.. under VPN & Device Management
    3. Here, enter your managed Apple ID and click Continue
    4. You will get the Terms of Service page. Review the terms and click Accept
    5. Now, Click on Confirm on this screen. An OTP will be sent on your registered email id. 
    6. On the next screen, enter the OTP (you have received on the email id) and click Confirm
    7. On the next screen, click on Sign In to iCloud
    8. Now, enter the password for your managed Apple ID and click Sign In
    9. On the next screen, click on Allow Remote Management
    10. It may take few minutes to configure. You will get the screen to wait.
    11. Once done, you should get the following screen with the managed Apple ID showing up under Managed Account. This confirms that the enrollment process is complete, and your device is now managed. The applications and policies pushed by your IT Admin will start getting installed.


    Frequently Asked Questions

    Question: Will the process of enrollment be same if I have a GSuite/O365 account?

    Answer: If you have a GSuite/O365 account federated, the process is slightly different. On the device, you will be asked to authenticate with the respective provider after accepting Terms & Conditions. Hence, 

    1. After Step #4 (mentioned above) you will get the following screen. Click on Authenticate.
    2. This will take you to the Microsoft authentication screen (this is for O365 account). Select your Apple ID
    3. Enter password and click on Sign In to authenticate.
    4. Once authenticated, you will get the screen to Sign In to iCloud (Step #7 above). After that the steps will be same as above for enrolling device.


    Was this article helpful?
    What's Next
    Ambitious companies around the world trust Scalefusion to secure and manage endpoints including smartphones, tablets, laptops, rugged devices, POS, and digital signages. Our mission is to make Device Management simple and effortless along with providing world class customer support.
    By Business Initiative
    Top Features
    Existing Users
    Connect With Us
    Sales and Support
    Copyright © 2023 Scalefusion. All rights reserved.