DEP (Device Enrollment Program)¶
This document outlines configuration of the DEP device syncing service. This information applies to classic DEP as well as Apple School Manager and Apple Business Manager.
Configuring via the UI¶
- Click on Settings -> DEP Accounts.
- New DEP Account
- Click on the Download button to begin downloading a Public Key. You will use this to upload to Apple Business Manager [1] or Apple School Manager [2].
- Create a new MDM Server in ASM or ABM, as described in the ASM Help here.
- Upload the
commandment-dep.cerfile you just downloaded, using the Upload Key button.
- Download the DEP token using the Get Token link.
- Unfortunately, for now you will have to upload the token using the curl command as outlined in API step 5.
Configuring via API¶
Make a GET request to
/dep/certificate/downloadto download the initial DEP Public Key. The public key is generated on request, and stored in the database with nameCOMMANDMENT-DEP.Perform the manual process of Adding an ASM/ABM MDM Server, and uploading the certificate you retrieved in step 1.
Download the DEP token from ASM/ABM, which will be a file ending in
_smime.p7m.Upload the file to
/dep/stoken/uploadas multipart/form-encoded with the file field of file, the equivalent curl command line would be:curl -F 'file=@/path/to/_smime.p7m' https://commandment.local/dep/stoken/upload
The DEP token should be decrypted, and devices should start appearing when the next DEP sync happens or when the server is restarted. For convenience, the decrypted token is provided in the result of this request as a json payload, structured like so:
{ "access_secret": "AS_1234", "access_token": "AT_1234", "access_token_expiry": "2019-10-02T00:00:00Z", "consumer_key": "CK_1234", "consumer_secret": "CS_1234" }
Footnotes
| [1] | Apple Business Manager |
| [2] | Apple School Manager, available at https://school.apple.com |