Quickstart Guide for iOS (Using Windows)



QuickStart Guide

For Windows and iOS

The following steps will help you get your iOS devices enrolled and communicating with your FileWave Server. Please note: This document assumes that you have installed and set up your FileWave Server and Admin (see QuickStart Guide). Please note: This guide is not meant to be a replacement for either the FileWave Manual or proper training.

FileWave Server Preparation
1. With the FileWave Server running, we want to make some generic accounts for enrolling iOS devices with the URL web enrollment (OTA) and the Device Enrollment Program (DEP) with Apple. 
To use LDAP credentials follow the instructions on this page: https://www.filewave.com/support/kb/article/enroll-ldap 
From the server, Command Prompt as Administrator and type: 
OTA: fwcontrol mdm adduser [name] 
DEP: fwcontrol mdm adddepuser [name] 

a. Where [name] is the name of the account. 
b. Enter a password for the account you are creating.

Certificate Generation

The FileWave MDM Server requires two certificates - one to send push commands to Apple Inc. and another for iOS devices to communicate securely with the MDM Server.

Apple Push (APNS)

Evaluation users, make sure you have applied for an evaluation account (http://www.filewave.com/eval) first. 
1.  Go to  https://slproweb.com/products/Win32OpenSSL.html  and download the appropriate version of OpenSSL for your  environment .

2. From a command prompt type the following (If you are using a different version of OpenSSL please change the command below to point to the proper location of the openssl.exe and openssl.cfg) : C:\OpenSSL-Win64\bin\openssl.exe req -out "%USERPROFILE%\Desktop\request.csr" -new -newkey rsa:2048 -nodes -keyout "%USERPROFILE%\Desktop\privateKey.key" -config "C:\OpenSSL-Win64\bin\openssl.cfg"
Resulting in a request.csr and a privateKey.key on your desktop. 
3. Go to http://www.filewave.com/pushcert and log in with your FileWave.com user name. (Your username is not always your email.) 
6. Browse to and submit the request.csr on your desktop. 
7. Download the signed request. 
8. Go to https://identity.apple.com/pushcert and log in with an Apple ID (You can not use any account being associated with VPP purchases.)
9. Click the “Create a Certificate” button and upload the signed csr downloaded from the FileWave site. 
10. Download the MDM_ FileWave (Europe) Gmbh_Certificate.pemwinapns
11. From a command prompt type the following (If you are using a different version of OpenSSL please change the command below to point to the proper location of the openssl.exe) :

C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -in "%USERPROFILE%\Downloads\MDM_ FileWave (Europe) Gmbh_Certificate.pem" -inkey "%USERPROFILE%\Desktop\privateKey.key" -out "%USERPROFILE%\Desktop\push_cert.p12" -name fw-apns



This will merge the MDM_ FileWave (Europe) Gmbh_Certificate.pem in the downloads folder with the privateKey.key on your desktop resulting in a push_cert.p12 on your desktop.

12. Open FileWave Admin and connect to your FileWave Server. 
13. Go to the FileWave menu, then to Preferences
14. From the Mobile tab, click Browse... in the APNC section 
15. Select push_cert.p12 on the desktop. 
16. Select Upload APN Certificate/Key Pair section. 
17. Click OK to close the window. 

The APNC expires in 365 days, it is recommended that you create a reminder of some kind. When it comes time to renew, be sure to use the same Apple ID as step eight. Creating a new certificate, or creating a certificate with a different Apple ID, rather then renewing, will require re-enrollment of all iOS devices.
NOTE: Please continue to the below section to complete the certificate generation for communication between FileWave and your iOS devices.
Mobile Certificate Management (MCM) 
In this portion, we will create the certificate to facilitate communication between your FileWave MDM server and your iOS devices. 
1. Open FileWave Admin and connect to your FileWave Server. 
2. Go to the FileWave menu, then to Preferences
3. From the Mobile tab, enter the FQDN (Fully Qualified Domain Name) of the server into the “Server Address” and the “Server DNS Name” (see picture). 
4. Click Generate Certificate and enter the fwadmin credentials (default password is filewave). 
5. Click OK to close the window.
Please keep in mind that if this certificate is generated again, all iOS devices must be manually re-enrolled to receive the new certificate.
Enrolling iOS Devices

With both certificates now configured and uploaded, the iOS/MDM icon in the bottom left of the Admin window should turn green. We now need to connect each device to the FileWave server. 

winwebenroll Manual Enrollment

1. With the FileWave server running, connect with FileWave Admin
2. Click on the Assistants menu item and go to Enroll iOS Device
 This will be the “Enroll iOS Device” window and in the "Manual Enrollment" tab

4.Copy URL to Clipboard: This will copy your FileWave enrollment URL to the current clipboard. You can then paste the URL into an email or SMS, and send it to your users for enrollment. The user will be prompted with 2 steps to install the server certificate and the enrollment profile. If the configuration  hasn't been changed for authentication default will be basic enrollment. The OTA user you created at the being of this guide will be needed to be entered during step 2.

DEP Enrollment

To set up and use DEP, see 3.12, "VPP and DEP preferences," and 5.8, "Working with Apple’s Device Enrollment Program (DEP)," in the FileWave manual: https://www.filewave.com/support/management-manual

Mass Device Enrollment

Another option for enrollment is using an embedded enrollment profile as part of a mobile device configuration. Apple Configurator allows you to import a FileWave MDM enrollment profile, which will then be used to assign the device to your FileWave MDM server. Please follow the steps on the following KB article on how to enroll DEP and non-DEP devices into FileWave with Apple Configurator 2:  https://www.filewave.com/support/kb/article/ac2-enrollment

Adding iOS Devices to FileWave

Just like a FileWave client, iOS devices are waiting to be added to the client database.
winaddios 1. With the FileWave server running, connect with FileWave Admin.
2. From the Clients window, click on New Client in the upper left corner.
3. Click on Enrolled Mobile Devices.
4. From the list, select your iOS devices and add them.
5. Update the model. 
6. Organize as you would a standard Windows or Mac client.