Learn how to configure all of the Apple Integrations
There are three Apple Integrations, Apple Push Notification service (APNs), Automated Device Enrollment, and Apps and Books. These integrations provide core functionality when managing Apple devices.
The APNs Integration needs to be configured before the Automated Device Enrollment or Apps & Books Integrations can be configured.
Apple Push Notification service (APNs)
The APNs certificate is required to enroll your Apple devices into Kandji. Configure it to get started with Kandji. You can configure all Apple integrations on the Apple Integrations page.
Configure Certificate
In order to configure the APNs certificate, please review the Configure Apple Push Notification service (APNs) section of the Getting Started with Kandji - Setup article.
Renew Certificate
In order to keep your APNs certificate active, you will need to renew it once a year.
It is recommended that you renew your APNs certificate every 6 months. Be sure to plan around vacation windows so that it doesn't expire unexpectedly.
- In the left-hand navigation bar, click Settings.
- Select the Apple Integrations tab.
- Under Apple Push Notifications service (APNs), click Renew certificate.
- Follow the on-screen instructions to renew your APNs certificate.
Common Errors When Renewing an APNs Certificate
When uploading the new APNs certificate, you may see an error stating, "This doesn't appear to be a valid certificate." This error can be given for several reasons, some of which are listed below:
- The Apple ID used to generate a new certificate does not match the Apple ID that was used for the original certificate.
- The uploaded certificate was created as a new certificate rather than a renewal of the original certificate.
- The new certificate that was uploaded does not have the .pem file extension or has been renamed from the original name of MDM_Kandji, Inc._Certificate.pem
If you need to change the Apple ID that is used for an APNs certificate, then it is recommended to do so before renewing the the original certificate. To start the process of migrating an APNs certificate to a new Apple ID, you can Contact Apple for help with APNs certificates.
Disconnect APNs
Only disconnect your APNs certificate if you need to replace it with a new one. Replacing your APNs certificate with a new one will break MDM communication with your enrolled Apple devices. You will need to re-enroll all devices under the new APNs certificate.
- In the left-hand navigation bar, click Settings.
- Select the Apple Integrations tab.
- Under Apple Push Notifications service (APNs), click Disconnect APNs.
If you disconnect your APNs certificate, you can reconnect the same certificate (with the same Topic ID) by going through the configuration flow and treating it as a renewal when you enter the identity.apple.com portal.
Automated Device Enrollment
Automated Device Enrollment allows users to automatically enroll devices in an organization's Kandji instance when they are first unboxed and connected to the internet. Enabling Automated Device Enrollment puts a device into a supervised state, which means its device management enrollment profile is non-removable. Select a Blueprint that devices will enroll into by default. Before enrolling a device, you can change the Blueprint it will enroll into in the Devices module.
Visit the Automated Device Enrollment section of the Getting Started with Kandji - Setup article for configuration instructions.
Apps and Books
Apps and Books allows a company to purchase apps and books in bulk and distribute them to devices without users needing Apple IDs. To keep your users' App Store apps up-to-date, select Automatically Update Apps.
Visit the Apps and Books section of the Getting Started with Kandji - Setup article for configuration instructions.