Note: You should update any bookmarks to point to https://kb.filewave.com We will be working on links from FW Central/Anywhere that still come to this Atlassian site over the next couple of releases and then phasing out this site entirely in Jan 2024.
Quickstart Guide for Enrolling iOS
The following steps will help you get your iOS devices enrolled and communicating with your FileWave Server.
This document assumes that you have installed and set up your FileWave Server and Admin. This guide is not meant to be a replacement for evaluation and proper training.
FileWave Server Preparation
Enrollment Credentials
If you choose, you can prompt the user to authenticate the enrollment with a generic account name and password or with your AD/Okta/Google Credentials. You can also turn off authentication completely if you want a more streamlined process.
Okta Credentials:https://fwkb.atlassian.net/wiki/spaces/KB/pages/4330400
Google Credentials:https://fwkb.atlassian.net/wiki/spaces/KB/pages/4330644
Azure AD: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4330318
LDAP Credentials: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329363
Generic Username/Password:
From the server type one of the following, depending on your enrollment strategy:
Manual Enrollment(OTA)sudo fwcontrol mdm adduser [name]
Device Enrollment Program (DEP):sudo fwcontrol mdm adddepuser [name]Where [name] is the name of the account
Enter your server’s root password
Enter a password for this account
No Authentication:
From the server type the following:
cp /usr/local/filewave/apache/conf/mdm_auth.conf.example_no_auth /usr/local/filewave/apache/conf/mdm_auth.confWhen asked to overwrite the original, enter 'y' for yes
Restart the apache service to put the new configuration into place
/usr/local/filewave/apache/bin/apachectl graceful
Certificate Generation
The FileWave MDM Server requires two certificates - one to send push commands to Apple and another for iOS devices to communicate securely with the MDM Server.
Apple Push (APNS): https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329396
Root Trusted Certificate: https://fwkb.atlassian.net/wiki/spaces/KB/pages/4328971
Starting in iOS 10.3+ Apple changed its policy to require signed certificates for iOS enrollment into MDM servers. If you have a domain trusted wildcard certificate, you are able to use that certificate with your FileWave server.
Enrolling iOS Devices
With both certificates configured and uploaded, the status icon in the bottom left of the Admin window should turn green. We now need to connect each device to the FileWave server.
Manual Enrollment (Not Recommended)
Manual Enrollment will not Supervise iOS devices. This means many Restrictions, Configurations and Features will not be available for Manually Enrolled Devices.
With the FileWave server running, connect with FileWave Admin.
Click on the Assistants menu item and go to Enroll iOS Device.
This will be the “Enroll iOS Device” window and in the "Manual Enrollment" tab
Copy URL to Clipboard: This will copy your FileWave enrollment URL to the current clipboard. You can then paste the URL into an email or SMS and send it to your users for enrollment. The user will be prompted with two steps to install the server certificate and the enrollment profile. The OTA user you created at the being of this guide will be needed to be entered during step 2.
DEP Enrollment: https://fwkb.atlassian.net/wiki/spaces/evalguides/pages/2228512
Apple Configurator:https://fwkb.atlassian.net/wiki/spaces/KB/pages/4329458
Adding iOS Devices to FileWave
Just like a FileWave client, iOS devices are waiting to be added to the client database.
1. With the FileWave server running, connect with FileWave Admin.
2. From the Clients window, click on New Client in the upper left corner.
3. Click on Enrolled Mobile Devices.
4. From the list, select your iOS devices and add them.
5. Update the model.
6. Organize as you would a standard Windows or Mac client.