In order to utilise MDM solutions such as Jamf Pro, an Apple Push Notification Service (APNS) certificate is required.
This is created through the use of an Apple ID.
Although an APNS certificate is free to obtain, there are a number of considerations that must be understood in its use. Failure to adhere to these will require devices to be re-enrolled (and in some cases, necessitating a full erase and re-enrolment of the device):
- An APNS certificate lasts a year
- An APNS certificate must be renewed before it expires each year. It can be renewed early (even daily) but must be renewed before it expires.
- An APNS certificate must be renewed with the exact same Apple ID it was created with.
In light of the above considerations, we would strongly suggest the below steps are followed to create an Apple ID for APNS usage:
- Create an email alias or distribution group called "apns@[your domain]". This will allow you to move the Apple ID easier if the responsible person / team leaves or is reassigned.
- Use a strong password and strong recovery questions, and store these in a safe and secure place.
- If setting up Two Factor Authentication on this Apple ID, add more than 1 device that can receive the authentication codes.
- APNS Certificate expiry reminders will go to the Apple ID email address that has set (please see step 1 of this section). We would advise that this is linked to a ticketing system to receive automated alerts at 30 days, 7 days and every other day up to the expiry.
- We would advise attempting to renew the certificate at the 30-day alert. This is so that if there are any issues or errors in completing this, this still allows for the maximum time to re-arrange access if needed.
- User https://appleid.apple.com to create your APNS Apple ID without requiring payment details
Please note: Do not use this Apple ID for other purposes. I.e. do not log this Apple ID into iTunes, the App Store or iCloud.
If you require Apple support for your APNS certificate (including the possibility of regaining access if you lose control of the Apple ID that was used to generate the push certificate), please see Apple's Support article: Contact Apple for help with Apple Push Notification service certificates.
Need further support?
Automate. Simplify. Succeed. If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.