The following steps will help you get your iOS devices enrolled and communicating with your FileWave Server.
Please note: This document assumes that you have installed and set up your FileWave Server and Admin (see QuickStart Guide). This guide is not meant to be a replacement for either the FileWave Manual or proper training.
FileWave Server Preparation
1. With the FileWave Server running, create some generic accounts for enrolling iOS devices with the URL web enrollment (OTA) and with Apple's Device Enrollment Program (DEP). To use LDAP credentials, follow the instructions on this page: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329363
   From the server, open a command prompt and type:
      OTA: sudo fwcontrol mdm adduser [name]
      DEP: sudo fwcontrol mdm adddepuser [name]
   a. [name] is the name of the account.
   b. Enter your admin credentials.
   c. Enter a password for this account.
The FileWave MDM Server requires two certificates - one to send push commands to Apple Inc. and another for iOS devices to communicate securely with the MDM Server.
Apple Push (APNS)
Evaluation users: make sure you have applied for an evaluation account ( https://www.filewave.com/demo/ ) first.
1. Open Keychain Access.app from Macintosh HD > Applications > Utilities > Keychain Access.app.
2. Start the Keychain Assistant by selecting the Keychain Access menu, then selecting Certificate Assistant > Request a Certificate From a Certificate Authority...
3. Enter your email and a common name (like FW push cert), and change "Request is" to "Saved to disk".
4. Click Continue and save to your desktop.
5. Go to https://csr.filewave.com/ and log in with your FileWave.com user name. (Your username is not always your email.)
6. Browse to and submit the request on your desktop.
7. Download the signed request.
8. Go to https://identity.apple.com/pushcert and log in with an Apple ID. (You cannot use any account associated with VPP purchases.)
9. Click the "Create a Certificate" button and upload the signed CSR downloaded from the FileWave site.
10. Download the MDM_ FileWave (Europe) Gmbh_Certificate.pem.
11. Open the MDM_ FileWave (Europe) Gmbh_Certificate.pem in Keychain Access.app. If prompted, add it to the login keychain.
12. Select login under Keychains and Certificates under Category.
13. Toggle the disclosure triangle to the left of the APSP certificate you just imported.
14. Right-click the private key inside, and select Export Items...
15. Do not enter a protection password, and save the Certificates.p12 to your desktop.
16. Open FileWave Admin and connect to your FileWave Server.
17. Go to the FileWave menu, then to Preferences.
18. From the Mobile tab, click Browse... in the APNC section.
19. Select Certificates.p12 on the desktop.
20. Select Upload APN Certificate/Key Pair section.
21. Click OK to close the window.
The APNC expires in 365 days, so it is recommended that you create a reminder of some kind. When it comes time to renew, be sure to use the same Apple ID as in step nine. Creating a new certificate, or creating a certificate with a different Apple ID, rather than renewing, will require re-enrollment of all iOS devices.
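One way to automate the renewal reminder suggested above, as an added example (not FileWave tooling or code from this guide): a POSIX shell script that uses the -checkend test of openssl x509 to classify a PEM certificate, such as the one downloaded in step 10. The script name, the 30-day default window and the return codes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of FileWave: classify PEM certificates by time to expiry.
# Hypothetical usage: ./check_cert_expiry.sh "MDM_ FileWave (Europe) Gmbh_Certificate.pem"
# Return codes (chosen for this example):
#   0 = valid beyond the warning window   1 = expires inside the window
#   2 = already expired                   3 = missing or not a parsable certificate

WARN_DAYS="${WARN_DAYS:-30}"   # assumed reminder window in days

# cert_status FILE [DAYS] -> return code as listed above, prints nothing
cert_status() {
    cert="$1"
    days="${2:-$WARN_DAYS}"
    [ -r "$cert" ] || return 3
    # Parse first: -checkend also fails on unreadable input, which would
    # otherwise be indistinguishable from "expired".
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 3
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 2
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" \
        >/dev/null 2>&1 || return 1
    return 0
}

# report_cert FILE [DAYS] -> one status line on stdout, same return code
report_cert() {
    rc=0
    cert_status "$1" "${2:-$WARN_DAYS}" || rc=$?
    case "$rc" in
        0) state="OK" ;;
        1) state="RENEW SOON" ;;
        2) state="EXPIRED" ;;
        *) state="UNREADABLE" ;;
    esac
    end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2)
    printf '%s: %s (notAfter: %s)\n' "$1" "$state" "${end:-unknown}"
    return "$rc"
}

# Check every file named on the command line; exit with the worst status seen.
worst=0
for f in "$@"; do
    rc=0
    report_cert "$f" || rc=$?
    [ "$rc" -gt "$worst" ] && worst=$rc
done
[ "$#" -eq 0 ] || exit "$worst"
```

Run from a scheduled job, a non-zero exit status can drive whatever alerting you already use; the same check works on the server certificate described in the next section.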
NOTE: Please continue to the section below to complete the certificate generation for communication between FileWave and your iOS devices.
Mobile Certificate Management (MCM)
Starting with iOS 10.3, Apple changed its policy toward requiring signed certificates for iOS enrollment into MDM servers. If you have a domain-trusted wildcard certificate, you can use that certificate with your FileWave server. We also offer a Guide for Generating Signed certificates that can be found here. If you do not have a signed certificate, you can still create a self-signed certificate with the steps below.
1. Go to your FileWave server and open Terminal.
2. Enter the command below, with "fqdn" set to the Fully Qualified Domain Name of your FileWave server.
3. Once this command completes, the server certificate will be generated for your FileWave server.
Please keep in mind that if this certificate is generated again, all iOS devices must be manually re-enrolled to receive the new certificate.
Enrolling iOS Devices
With both certificates now configured and uploaded, the iOS/MDM icon in the bottom left of the Admin window should turn green. We now need to connect each device to the FileWave server.
1. With the FileWave server running, connect with FileWave Admin.
2. Click on the Assistants menu item and go to Enroll iOS Device.
3. This opens the "Enroll iOS Device" window; select the "Manual Enrollment" tab.
4. Copy URL to Clipboard: This copies your FileWave enrollment URL to the clipboard. You can then paste the URL into an email or SMS and send it to your users for enrollment. The user will be prompted with two steps to install the server certificate and the enrollment profile. If the authentication configuration hasn't been changed, the default will be basic enrollment. The OTA user you created at the beginning of this guide will need to be entered during step 2.
Another option for enrollment is using an embedded enrollment profile as part of a mobile device configuration. Apple Configurator allows you to import a FileWave MDM enrollment profile, which will then be used to assign the device to your FileWave MDM server. Please follow the steps in the following KB article on how to enroll DEP and non-DEP devices into FileWave with Apple Configurator 2: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329458
Adding iOS Devices to FileWave
Just like a FileWave client, iOS devices are waiting to be added to the client database.
1. With the FileWave server running, connect with FileWave Admin.
2. From the Clients window, click on New Client in the upper left corner.
3. Click on Enrolled Mobile Devices.
4. From the list, select your iOS devices and add them.
5. Update the model.
6. Organize as you would a standard Windows or Mac client.