Introduction
This HowTo describes how to install customized apps and unlisted apps in Apple School Manager and Apple Business Manager accounts and manage them using the Securepoint Mobile Security Management Portal.
- Custom Apps: specially developed apps that are only accessible to users of one's own organization/company
- Unlisted Apps: non-public apps that are distributed individually to users, or to devices.
Installation of a customized app
Requirements for customized apps
In order for an app to be distributed as a customized app,
- it must be set up in App Store Connect, and
- it must be assigned to an Apple School Manager or Apple Business Manager account.
Here is additional information about customized apps on iOS devices.
The customized app is deployed to the MDM portal and managed via it. Access must be available.
Set up customized app in App Store Connect
If the app is not yet set up in App Store Connect, this is done with the following steps:
- Log in to App Store Connect as Account Holder, App Manager or Admin.
- In My Apps, click the Add (+) button
- In the pop-up window, click New App
- In the New App dialog, select the platform iOS and enter the app information
- Under User Access, select Limited Access and select the Apple School Manager or Apple Business Manager account.
- Click Create
- For customized apps, the same app review guidelines apply as for the App Store. The review can take 1 to 2 days.
- If the customized app contains sensitive data (company, customer, user, etc.), app authentication and encryption procedures must be used.
- App verification requires Apple to log in to the customized app to test its functionality. A generic test account is sufficient.
Assign customized app to Apple School/Business Manager account
Assign the customized app to the Apple School Manager or Apple Business Manager account:
- In App Store Connect (logged in as Account Holder, App Manager or Admin), click My Apps
- Select the customized app
- Click Prices and Availability in the side menu
- Under App Distribution Methods, select Private
- Under Type, enter the organization ID of the Apple School Manager or Apple Business Manager account. If the old VPP (Legacy Volume Purchase Program) is still used, the app will be assigned via its Volume Purchasing Apple ID.
- Click Save
The customized app assigned in this way is displayed and distributed in the Apps and Books section of the Apple School Manager or Apple Business Manager account.
Assign Apple School/Business Manager account to MDM portal
- Download the Apple Push certificate (*.pem file)
- Upload this certificate in Apple Business Manager (business.apple.com) or Apple School Manager (school.apple.com)
This is only required once per location.
- Download the VPP token in the Apple Business Manager or Apple School Manager:
- Download the *.vpptoken file in the Securepoint Unified Security Portal under
in the section Upload Apple VPP / Apple Business Manager / Apple School Manager
using the buttons Add or Update / Upload Token.
Finish with Done
More information about VPP can be found in the wiki article Connecting to Apple's VPP.
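A local pre-upload check for the *.vpptoken file, as an added example that is not part of the original HowTo and not Securepoint or Apple tooling. It assumes the file is base64-encoded JSON with the fields token, expDate and orgName; the function names and the sample token are constructed for illustration.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

REQUIRED = ("token", "expDate", "orgName")  # assumed field names of the token file


def inspect_vpptoken(raw, now=None, warn_days=30, expected_org=None):
    """Check a .vpptoken blob; the secret 'token' value is never returned or printed."""
    now = now or datetime.now(timezone.utc)
    try:
        data = json.loads(base64.b64decode(raw.strip(), validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return {"ok": False, "org": None, "expires": None,
                "findings": [f"not base64-encoded JSON: {exc}"]}
    if not isinstance(data, dict):
        return {"ok": False, "org": None, "expires": None,
                "findings": ["payload is not a JSON object"]}
    findings = []
    missing = [k for k in REQUIRED if not data.get(k)]
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    expires = None
    if data.get("expDate"):
        try:
            expires = datetime.strptime(str(data["expDate"]), "%Y-%m-%dT%H:%M:%S%z")
        except ValueError:
            findings.append("unparseable expDate")
    if expires and expires <= now:
        findings.append("token expired")
    elif expires and expires - now < timedelta(days=warn_days):
        findings.append(f"token expires within {warn_days} days")
    if expected_org and data.get("orgName") != expected_org:
        findings.append("orgName does not match the expected organization")
    return {"ok": not findings, "org": data.get("orgName"),
            "expires": expires, "findings": findings}


def make_constructed_token(exp_date, org="Example GmbH"):
    """Build a constructed sample in the assumed layout (not a real token)."""
    payload = {"token": "CONSTRUCTED-NOT-A-SECRET", "expDate": exp_date, "orgName": org}
    return base64.b64encode(json.dumps(payload).encode()).decode()


if __name__ == "__main__":
    sample = make_constructed_token("2030-01-01T00:00:00+0000")
    print(inspect_vpptoken(sample, expected_org="Example GmbH"))
```

The token file is a credential for the organization's app licenses, so the check reports only the organization name, expiry and findings.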
Assign customized app to MDM portal
The Add app button adds the customized app to the MDM portal.
This app is configured as follows:
After clicking the Save button, the customized app will be deployed to the selected iOS devices, users, roles or tags.
Alternatively, the Install button performs the installation and the accompanying distribution.
Installing an unlisted app
Requirements for unlisted apps
In order for an unlisted app to be distributed,
- it must be present in the App Store, or be in final deployment and submitted for the app review process, and
- a note must be added to the app review that the app should be deployed as unlisted, and
- a request must be made in English to deploy it as an unlisted app.
A link will be generated. This will allow the app to be accessed in the App Store and Apple Business Manager or Apple School Manager.
Here is additional information about unlisted apps on iOS devices.
The unlisted app is provided on the MDM portal and managed via it. Access must be available.
Set up unlisted app in App Store
If the app is not yet set up in the App Store, this is done with the following steps:
- Log in to App Store Connect as Account Holder, App Manager or Admin.
- In My Apps, click the Add (+) button
- In the pop-up window, click New App
- In the New App dialog, select the platform iOS and enter the app information
- Under User Access, select Limited Access and select the Apple School Manager or Apple Business Manager account.
- Click Create
This app, which will become the unlisted app, must either have the status Ready or be submitted in final deployment for app review.
In the app review, add a note that this app should be deployed as an unlisted app.
Then send a request to deploy it as an unlisted app.
If an app is privately provided via Apple School Manager or Apple Business Manager account and this app is to become an unlisted app, then:
- Create a new app entry in App Store Connect
- Upload the IPA file of this app and select Public as Deployment Method
- Create a request to deploy it as an unlisted app
After the request is approved, the app is available as an unlisted app.
Assign the unlisted app to Apple School/Business Manager account
The unlisted app is assigned to the Apple School Manager or Apple Business Manager account:
- In App Store Connect (logged in as Account Holder, App Manager or Admin), click My Apps
- Select the unlisted app
- Click Unlisted App in the side menu (changed from Prices and Availability)
- Under App Distribution Methods, select Public
- A link is generated, through which users can access the app in the Apple School Manager or Apple Business Manager
Assign Apple School/Business Manager account to MDM portal
- Download the Apple Push certificate (*.pem file)
- Upload this certificate in Apple Business Manager (business.apple.com) or Apple School Manager (school.apple.com)
This is only required once per location.
- Download the VPP token in the Apple Business Manager or Apple School Manager:
- Download the *.vpptoken file in the Securepoint Unified Security Portal under
in the section Upload Apple VPP / Apple Business Manager / Apple School Manager
using the buttons Add or Update / Upload Token.
Finish with Done
More information about VPP can be found in the wiki article Connecting to Apple's VPP.
Assign unlisted app to MDM portal
If the unlisted app is not already in the MDM portal, it is added using the Add app button.
This app is configured as follows:
Caption | Value | Description
---|---|---
Type | App | Select the type App
Name | Name | Enter the name for the app
Source | Manifest URL | Select Manifest URL as app source
Manifest URL | Manifest URL | Enter the URL/link of the unlisted app (see requirements).
Take management | Activate management take over |
Purchase method | Unspecified | Select purchase method
Management flags | Both deactivated | Select Management flags
Devices | Add device | Add the devices that should have access to the unlisted app
User | Add user | Add the users who should have access to the unlisted app
Roles | Add roles | Add the roles that should have access to the unlisted app
Tags | Add tags | Add the tags that should have access to the unlisted app
Comment | Comment | A comment can be added
After clicking the Save button, the unlisted app will be distributed to the selected iOS devices, users, roles or tags.
Alternatively, the Install button performs the installation and the accompanying distribution.