Quickstart Guide for Enrolling iOS



 

 

  

The following steps will help you get your iOS devices enrolled and communicating with your FileWave Server.

This document assumes that you have installed and set up your FileWave Server and Admin. This guide is not meant to be a replacement for evaluation and proper training.

FileWave Server Preparation


Enrollment Credentials

If you choose, you can prompt the user to authenticate the enrollment with a generic account name and password or with your AD/Okta/Google Credentials. You can also turn off authentication completely if you want a more streamlined process.

Okta Credentials:https://fwkb.atlassian.net/wiki/spaces/KB/pages/4330400

Google Credentials:https://fwkb.atlassian.net/wiki/spaces/KB/pages/4330644

Azure AD: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4330318

LDAP Credentials: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329363

Generic Username/Password:

  1. From the server type one of the following, depending on your enrollment strategy: 
    Manual Enrollment(OTA)

    1 sudo fwcontrol mdm adduser [name]


    Device Enrollment Program (DEP):

    1 sudo fwcontrol mdm adddepuser [name]

    Where [name] is the name of the account

  2. Enter your server’s root password

  3. Enter a password for this account

No Authentication:

  1. From the server type the following:

    1 cp /usr/local/filewave/apache/conf/mdm_auth.conf.example_no_auth /usr/local/filewave/apache/conf/mdm_auth.conf

     

  2. When asked to overwrite the original, enter 'y' for yes

  3. Restart the apache service to put the new configuration into place

    1 /usr/local/filewave/apache/bin/apachectl graceful

 

Certificate Generation

The FileWave MDM Server requires two certificates - one to send push commands to Apple and another for iOS devices to communicate securely with the MDM Server.

Apple Push (APNS): https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329396

Root Trusted Certificate: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4328971  

Starting in iOS 10.3+ Apple changed its policy to require signed certificates for iOS enrollment into MDM servers. If you have a domain trusted wildcard certificate, you are able to use that certificate with your FileWave server.


Enrolling iOS Devices

With both certificates configured and uploaded, the status icon in the bottom left of the Admin window should turn green. We now need to connect each device to the FileWave server. 

Manual Enrollment (Not Recommended)

Manual Enrollment will not Supervise iOS devices. This means many Restrictions, Configurations and Features will not be available for Manually Enrolled Devices.

  1. With the FileWave server running, connect with FileWave Admin. 

  2. Click on the Assistants menu item and go to Enroll iOS Device. 

  3. This will be the “Enroll iOS Device” window and in the "Manual Enrollment" tab

  4. Copy URL to Clipboard: This will copy your FileWave enrollment URL to the current clipboard. You can then paste the URL into an email or SMS and send it to your users for enrollment. The user will be prompted with two steps to install the server certificate and the enrollment profile. The OTA user you created at the being of this guide will be needed to be entered during step 2.

DEP Enrollment: https://fwkb.atlassian.net/wiki/spaces/evalguides/pages/2228512

Apple Configurator:https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329458

Adding iOS Devices to FileWave

 

Just like a FileWave client, iOS devices are waiting to be added to the client database.

1. With the FileWave server running, connect with FileWave Admin.
2. From the Clients window, click on New Client in the upper left corner.
3. Click on Enrolled Mobile Devices.
4. From the list, select your iOS devices and add them.
5. Update the model. 
6. Organize as you would a standard Windows or Mac client.