# Apple Client Pre-Requisites Now that we have the FileWave basics taken care of, let us start integrating the Apple services into FileWave. This section will cover creating an APNS certificate and syncing FileWave with Apple's DEP and VPP. ## Apple Push Notification Service (APNS) Certificate --- The Apple Push Notification Service Certificate or "APNS Cert" is what allows FileWave to send out Push Notifications to Apple devices including macOS, iOS, and tvOS. This step is absolutely critical for any Apple management within FileWave. To create and upload an APNS certificate follow the instructions at one of the following links depending on your platform [macOS](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-macos-computers "APNs Certificate Creation & Renewal on macOS Computers") or [Windows](https://kb.filewave.com/books/certificates/page/apns-certificate-creation-renewal-on-windows-computers "APNs Certificate Creation & Renewal on Windows Computers"). If you have a macOS machine available, the process is usually found to be easier on the Mac versus a Windows machine since macOS includes the built-in Keychain Assistant. Since the APNS certificate must be renewed annually, we recommend you create calendar reminders 45, 30, and 15 days before the expiration. The FileWave Admin's Dashboard can also be configured to give you an alert of expiration via email. When renewing your APNS certificate, be sure to use the same Apple ID that was used to originally create it. Creating a new certificate, or creating a certificate with a different Apple ID, rather than renewing the existing one used by FileWave, will break MDM communication with your mobile devices and require un-enrollment and re-enrollment. Take the following precaution to prevent this.
- Click the "*Info"* icon for your APNS certificate in your Apple Push Certificates Portal account and enter the DNS name for your server in the *Notes* field. This lets you know which server it is intended for. - Verify that the topic for the APNS certificate you’re trying to renew matches the topic listed in the *"Mobile"* tab of the FileWave preferences. If they don’t match then you’re renewing the wrong APNS certificate and you run the risk of preventing Apple device management. |   |
If you do not see the added VPP Token this is because your FileWave Admin account has not been granted permission to the VPP Token. Please consult the *"*[*Allow new users to access existing VPP Tokens*](https://kb.filewave.com/books/evaluation-guide/page/filewave-central-preferences "FileWave Central Preferences")*"* section to grant permission to the VPP Token.
  ### VPP OwnershipIf you receive a message about the VPP Token being owned by another VPP tool, please inform your FileWave SE and they can assist in taking ownership of the VPP Token. Taking ownership of the VPP Token will result in the revoking of any previously deployed VPP licenses from another MDM so please proceed with caution. If you want to avoid licenses being revoked, please create a new "Location" within ASM/ABM and purchase new license or assign existing license to the new "Location".
## Purchase VPP Licenses from ASM/ABM --- Please consult [Apple School Manager User Guide](https://support.apple.com/en-am/guide/apple-school-manager/asmc21817890/web) or [Apple Business Manager User Guide](https://support.apple.com/hr-hr/guide/apple-business-manager/asmc21817890/web) for more in-depth information regarding purchasing Apps and Books. 1. Log into [Apple School Manager](https://school.apple.com) (ASM) or [Apple Business Manager](https://business.apple.com) (ABM) using your organization's Administrator or Content Manager account. 2. Select *"Apps and Books"* from the left pane. 3. Search for the application name you wish to purchase and verify its intended platform (iOS App vs. macOS App). 4. Select the desired "Location" from the *"Assign to"* drop-down menu. 5. Specify the quantity of licenses you'd like to purchase. 1. Please enter a reasonable amount of licenses to cover your future device population but not too many (100,000+) as it may slow down the VPP sync process. 6. Click *"Get"* button to complete your purchase. 7. Licenses will usually be available within 5 minutes of purchase and you will be emailed by Apple when your licenses are available.  ## Sync VPP Licenses into FileWave --- Now that we have at least one VPP Token imported into FileWave and licenses purchased, we can sync VPP within FileWave and automatically create Filesets for each VPP application. 1. Open FileWave Admin and navigate to *"License Management"* from the left pane. 2. Click the *"Synchronize VPP"* button in the black menu bar. - FileWave syncs with VPP automatically every 5 minutes but this will force a VPP synchronization and "Refreshes" the view. 3. You should receive a pop up message asking if you'd like to automatically create Filesets for your VPP applications. Click *"OK"*. 4. You should now see the VPP License information in the *"License Management"* section and a new Fileset in the *"Filesets"* section. - If you'd like to change where the VPP Filesets are imported to, please refer to this [section](https://kb.filewave.com/books/evaluation-guide/page/software-group-structure "Software Group Structure") of *"Software Group Structure"*.   ## Enrollment Credentials If you choose, you can prompt the user to authenticate the enrollment with a generic account name and password or with your AD/Okta/Google Credentials. You can also turn off authentication completely if you want a more streamlined process. - Okta Credentials:[IdP Setup: Okta](https://kb.filewave.com/books/identity-provider-idp-integration/page/idp-setup-okta "IdP Setup: Okta") - Google Credentials:[IdP Setup: Google](https://kb.filewave.com/books/identity-provider-idp-integration/page/idp-setup-google "IdP Setup: Google") - Microsoft Entra AD: [IdP Setup: Microsoft Entra ID](https://kb.filewave.com/books/identity-provider-idp-integration/page/idp-setup-microsoft-entra-id "IdP Setup: Microsoft Entra ID") - LDAP Credentials: [Using LDAP to enroll macOS/iOS/Android devices](https://kb.filewave.com/books/evaluation-guide/page/using-ldap-to-enroll-macosiosandroid-devices "Using LDAP to enroll macOS/iOS/Android devices") Generic Username/Password: 1. From the server type one of the following, depending on your enrollment strategy: Manual Enrollment(OTA) ``` sudo fwcontrol mdm adduser [name] ``` Device Enrollment Program (DEP): ``` sudo fwcontrol mdm adddepuser [name] ``` Where **\[name\]** is the name of the account 2. Enter your server’s root password 3. Enter a password for this account  ### No Authentication: 1. From the server type the following: ``` cp /usr/local/filewave/apache/conf/mdm_auth.conf.example_no_auth /usr/local/filewave/apache/conf/mdm_auth.conf ``` 2. When asked to overwrite the original, enter 'y' for yes 3. Restart the apache service to put the new configuration into place ``` /usr/local/filewave/apache/bin/apachectl graceful ```