Setting up a Mosyle account Apple Integrations Push Certificate details: topic UDID, serial number, expiration date and time, number of devices enrolled under the specific Push Certificate, an export of the devices enrolled under the specific Push Certificate Date and time the event occurred User who completed the action When renewing the Push Certificate, be sure to confirm the Push Certificate ID in Apple's Push Portal to make sure it matches the topic UDID shown in the Mosyle interface. If it's not possible to renew the original Push Certificate, the devices will need to be re-enrolled in Mosyle. NOTE: For the security of customer accounts, MSPs do not have access to the Push Certificate area when accessing the account from the Mosyle Partner Portal. Resources Recommended resources A school or district generic Apple ID (not a personal Apple ID or one that is associated with a specific user) Apple School Manager account User account with Administrator or Device Enrollment Manager privileges in Apple School Manager User account with Administrator or Content Manager privileges in Apple School Manager Apple School Manager (ASM) To enroll devices using Automated Device Enrollment, an MDM server for Mosyle must be created in ASM and the MDM server token must be integrated into Mosyle. Complete the steps below to integrate your Apple School Manager account with Mosyle: Go to My School > Apple Basic Setup Click Apple School Manager Click “Add new account” and follow the on-screen instructions Once the Mosyle MDM server is created in Apple School Manager you can assign devices to the Mosyle MDM within Apple School Manager. For more information about assigning devices to an MDM server in Apple School Manager, check  Apple's documentation . Additional MDM server tokens can be integrated in Mosyle from Apple School Manager using the steps above. To restrict access to the Apple School Manager token to make changes, update, or renew the token, click the integration under My School > Apple Basic Setup > Apple School Manager, and uncheck the box for “All current and future locations”. Select only the locations to have access to the integration. Location Leaders not assigned to the specified locations will not have access to the token. After integrating the token from Apple School Manager into Mosyle, you can click it at anytime to view the following information: MDM Server Name Administrator who completed the integration Organization Name View/Update the name of the token integrated in Mosyle View/Update access to the integration Renew or replace the integration token Save the integration to update any info Delete the integration Sync preferences and/or request a manual sync of user/roster data Syncing data from Apple School Manager The Apple School Manager integration provides the opportunity to sync students and teachers, along with any class roster data that has been imported to Apple School Manager directly into Mosyle. After integrating the MDM server token into Mosyle, go to My School > Apple School Manager > Click “Sync Hierarchy”. Within this screen you can edit any sync preferences or manually pull fresh data and start the import. Enrolling devices from Apple School Manager To view devices assigned to the Mosyle MDM server from ASM, and the status of the enrollment profile, go to My School > Apple Basic Setup > Enrollment > Automated Device Enrollment > View devices. The status of each device is displayed and is color-coded for quick and easy status identification. Mosyle will automatically sync with Apple servers every 2-3 hours to update this information. If you have recently assigned devices to Mosyle and need to configure them immediately, click Update to request a sync. In order for the device to successfully enroll in the Mosyle MDM using Automated Device Enrollment, the enrollment profile must be synced with Apple servers. When devices are erased and connect to WiFi, or the Terminal command is used on macOS, they will reach out to Apple's cloud configuration servers to retrieve any enrollment information. So long as the Automated Device Enrollment profile is synced with Apple server's the device should proceed through Remote Management during the setup. If you run into any issues during the enrollment process, please check the Help Center and/or get in touch with our Support Team via tickets. Apple Apps and Books In order to install apps or books on devices using licenses purchased in Apple School Manager, the Apps and Books content token must be integrated in Mosyle. Complete the steps below to integrate your Apple School Manager account with Mosyle: Go to Management > Applications Click Apple Apps and Books (VPP) Click “Add account” and follow the on-screen instructions Once the Apps and Books content token is integrated into Mosyle, app and book licenses will be available for distribution. Additional Apps and Books tokens can be integrated in Mosyle from Apple School Manager using the steps above. IMPORTANT: The Apps and Books content token from Apple School Manager should only be integrated in one MDM solution at a time to prevent licensing conflicts. Even if the token shows unclaimed or revoked from another solution, it's recommended to fully delete it to avoid conflicts. To restrict access to the Apps and Books token to install apps, or make changes to the token, click “Edit” for the integration under Management > Applications > Apple Apps and Books (VPP) , and uncheck the box for “ All current and future locations” . Select only the locations to have access to the integration. Location Leaders not assigned to the specified location(s) will not have access to the token. Licenses for apps and/or books from the token will be unable to be assigned to users or devices not associated with the specified location(s). To manage teacher access to the licenses available in the Apps and Books token, you can check or uncheck the box “Allow teachers to use the licenses from this account to install applications from the "Study Apps" list when starting a class. All licenses will be assigned using the method "device based"”. With this option checked, teachers will be able to select apps available on the Apps and Books token to include in their list of Study Apps in the Mosyle Class Manager. After integrating the content token from Apple School Manager into Mosyle, you can click “Edit” at anytime to view the following information: Organization ID Apple ID for the Administrator who completed the integration Email address for the Administrator who completed the integration ASM Location Name View/Update the name of the token integrated in Mosyle View/Update access to the integration Renew or replace the integration token Save the integration to update any info Delete the integration More options: Revoke all VPP app assignments or Revoke assignments from unknown devices and users Clicking the token integration will display more information regarding the apps and books purchased along with the licensing information, such as how many licenses used versus how many licenses available. Click the Apps or Books tab along the top to view a list of all app and book licenses purchased and assigned to the token. Mosyle will automatically sync with the Apple servers every 2-3 hours to identify any newly purchased content, however a fresh sync can be requested at any time by clicking the Update button. Within the list, click on a specific app or book to view additional details such as the device serial numbers or users to which the app or book licenses are assigned and the profiles in which the content is included. In the detailed view of the app licenses, you can also choose to revoke licenses or update the license list. Click the eyeball icon to hide the app or book from being available to install on devices, and click the information icon to view App Store details. The Invites tab will show a list of users to whom invites have been sent and are either pending acceptance or have been accepted. Invites are required in order to utilize user-based assignment of app or book licenses. When sending invites, you have the option to email the invite to the user so that it can be accepted with their consumer Apple ID so that licenses can be assigned; or you can automatically invite users via their Managed Apple ID that was created in the same Apple School Manager account as the Apps and Books token. Invites can be downloaded, resent, or revoked by selecting the checkbox of the invite and clicking the corresponding icon. Licenses will be assigned to the Apple ID that is used to accept the invite. Therefore, it is critical that invites are accepted with the same Apple ID logged in on the device to ensure the content downloads. If the invite is accepted with a different Apple ID than what is logged in on the device, the app or book will not download. NOTE: Books can only be assigned via user-based license assignment and licenses cannot be revoked. Token Integration After the MDM server token or Apps and Books token is integrated into Mosyle, it will need to be renewed annually . It is not necessary for the same user to renew the token each year. If the user who integrated the token changes their password in ASM, their role/permissions change, or is deleted, the token will be invalidated and a new token will need to be integrated . Additionally, for security purposes, any time a new token is downloaded from ASM, the previous token will be revoked. Other Integrations Purpose Mosyle is organized so the management of devices is as intuitive as possible, allowing you to assign configurations based on the user who is using the device and/or the location, grade level, or class the user is associated with. Since configurations can be assigned to specific users and/or their association with a grade level or class, or to a specific group of shared devices, it's important users are assigned or associated with the specific device or devices they use and/or devices are assigned to the appropriate shared device group. Assignment of devices can be fully automated so that users simply authenticate with their school or district credentials and Mosyle will automatically pair the user with the device. In order to do this, users must be imported into Mosyle. You can quickly import users, locations, grade levels, and courses/classes from Apple School Manager using the ASM integration. If your data has not been imported into Apple School Manager, you can use Active Directory, the Mosyle API, a Spreadsheet import, or create any hierarchical data manually if needed. Once the school or district data is imported into Mosyle and devices are assigned to their corresponding user, you can effectively scope configurations based on the specific user needs. For example: A specific app that needs to be deployed to all students in a specific grade level; Restrictions that should only be enforced on devices assigned to students. Resources Recommended resources Access to a Mosyle Education account User account with Administrator or User privileges in Apple School Manager or Active Directory Configuring Apple School Manager Integration Location, Grade Levels, Courses/Classes, and Users can be imported into Mosyle from Apple School Manager. Apple School Manager provides multiple methods for importing the school or district data, including from a  Student Information System (SIS) directly into ASM , using an  SFTP upload , or importing users from  Google Workspace  or  Microsoft Azure AD When importing data from ASM into Mosyle, in order for a user to be properly assigned to a location, grade level, and user type (Student or Teacher), they must be associated with a Class. Currently, ASM does not provide information regarding a user's type or location. In order to correctly import users as Students or Teachers and assign them to the appropriate location and grade level within Mosyle, the user's association with a Class is used to infer the user type and location. If users are not assigned to a Class, they will not be imported unless the option to “Import Users without a Location” is selected in the Sync Parameters. Complete the steps below to import data into Mosyle from Apple School Manager: If the MDM server has already been created in Apple School Manager, skip this step and go to step 2. Otherwise, go to My School > Apple Basic Setup > Apple School Manager > Add new account. Follow the on-screen instructions to complete the integration. After the integration is complete, click Sync Hierarchy under the Apple School Manager token Click "Edit Sync Preferences" to configure the following settings: Sync automatically: configure the time of day the daily automatic sync will run Only add new data and do not edit existing data User ID (Identifier): Choose what to use for the user's ID when syncing data from ASM. Choices include Person Number, Person ID, Managed Apple ID Prefix, SIS username, Email address, Managed Apple ID. E-mail: Choose what to use for the user's email address when syncing data from ASM. Choices include the same e-mail address registered in ASM, the Managed Apple ID, or the Managed Apple ID without the subdomain. Students are not required to have an email address registered in Mosyle, click the checkbox “Do not import email attribute for students” if you do not wish to have the student email addresses imported into Mosyle. User without Location: This option exists due to Mosyle being unable to import users unless a class is assigned. Select this option if you have users without a class that need to be imported into Mosyle. The users will be imported without any grade level or location assigned. Class Period Name: Choose what to use for the name of the class when syncing data from ASM. Choices include Class ID, Class Number, Name, or Display Name. Locations to Sync: Check the box next to all locations to be synced from ASM. Locations not selected will not be imported. Once the integration is completely set up, you can click Pull fresh data to preview the data to be imported into Mosyle. If needed, make any necessary changes under “Edit Sync Preferences” and Pull fresh data again. When all data in the preview looks correct, click Start Integration to begin importing the data. Mosyle identifies users via the user ID and/or the email address. In the event a user's information needs to be updated, make the changes as needed in Apple School Manager or in the Sync Parameters, making sure at least one of the identifiers remain the same. Pull fresh data and complete the integration to update the user. Configuring Active Directory Integration Complete the steps below to add an Active Directory integration and import users, grade levels, and/or class periods into Mosyle Education: Go to My School > Integrations > + Activate New Integration Select Active Directory After Activating the integration, click “Add new profile” > Active Directory LDAP When configuring the Active Directory integration three tabs will be available, two of which need to be configured to successfully import users and user groups: Setup and Synchronization. The Setup tab is where the Active Directory server information will be added. Be sure to release the IPs listed in the interface so that Mosyle is able to establish a connection. Mosyle only supports secure connections (LDAPS or LDAP over TLS). The Synchronization tab is where mapping and configurations will be made to import users, grade levels, and/or class periods. In this area you can specify the following sync options: Only add new data and do not edit existing data Welcome email Setup and configure the time for the automatic sync When completing the mapping, filter the users, grade levels, and/or class periods by specific filters or attributes so that only the users and groups you wish to import are imported into Mosyle. Once the integration is completely set up, you can click the integration name to request a fresh data sync and import users. Configure the Authentication tab to allow users to authenticate in Mosyle with their Active Directory credentials. Check the box to indicate “Use the AD to validate user and password” and enter the attribute that is used to authenticate. Be sure to test the integration to make sure all is authenticating as expected. NOTE: AD FS and General OAuth are available for user authentication purposes only. Users, grade levels, and class periods cannot be imported using these integrations. If you need any assistance with the Active Directory integration, visit the Help Center for more information or submit a Support Ticket. Configuring Spreadsheet and Mosyle API Integrations If your school or district doesn't have Apple School Manager or Active Directory, users, grade levels, and classes can be imported using a Spreadsheet or the Mosyle API Integration. Complete the steps below to add an integration and import users and user groups in Mosyle Education: Go to My School > Integrations > + Activate New Integration Choose from: Mosyle API Integration or Spreadsheet Importing After Activating the integration, toggle on the API Integration or Download the templates for the Spreadsheet integration. Mosyle API Integration After toggling on the API Integration, you can choose to restrict the access to specific IPs or leave it open by editing the Access Method. To create users via the API, you'll make requests to the /users endpoint. To create classes via the API, you'll make requests to the /classes endpoint. Additional documentation, as well as a sample json that is compatible with Postman and Insomnia, is available in the Mosyle interface. Spreadsheet Integration Users, grade levels, locations, and courses/classes can be imported directly into Mosyle from a CSV or XLSX Spreadsheet. After downloading the template for the Spreadsheet integration, fill it out and upload the file to Mosyle. Be sure to not delete any headers or sheets (even if empty).