Managing server tokens

Import one or more server tokens from your Apple enrollment system. When devices enroll in an Apple enrollment system, they are assigned to a server token. When you import a server token into Maintenance, the list of devices assigned to the server token is identified to Tanium. You can import as many server tokens as necessary. Maintenance synchronizes with your Apple enrollment system every six hours to make sure device data in Maintenance is up to date. If you need to synchronize sooner than the scheduled synchronization, you can run a manual synchronization. For information, see Synchronize server tokens.

Server tokens from your Apple enrollment system are valid for one year. Before a server token expires, you must download a new server token file from your Apple enrollment system. For information, see Update server tokens.

For information on server tokens in Apple Business Manager, see Apple Business Manager User Guide: Link to a third-party MDM server in Apple Business Manager.

Upload server tokens from an Apple enrollment system

If you use automated device enrollment to enroll devices in Maintenance, upload one or more server tokens from your Apple enrollment system.

  1. From the Maintenance menu, click Apple Device Enrollment, click Tokens and then click Add.
  2. In the Name field, enter a name to identify the token.
  3. Click Download Public Key Certificate. You use this certificate to encrypt the token file that you download from your Apple enrollment system.
  4. In your Apple enrollment system, upload the public key certificate and download the server token file.

  5. Return to the Add Token dialog in the Maintenance workbench. In the Apple ID field, enter the Apple ID you used to create your Apple MDM push certificate. For more information, see Upload an Apple MDM Push Certificate.
  6. Upload the server token file that you downloaded in Step 4. Click Add.

Update server tokens

Server tokens from your Apple enrollment system are valid for one year. Before a server token expires, you must download a new server token file from your Apple enrollment system and upload it to Maintenance. When you upload a new server token file from your Apple enrollment system to an existing server token in Maintenance, all enrollment profiles and initial applications that you configured in Maintenance remain associated with the token. For the best results, plan to update server tokens 1-2 weeks prior to the expiration date.

  1. From the Maintenance menu, click Apple Device Enrollment and then click Tokens.

  2. Select the checkbox for the server token you want to edit and then click Edit.

  3. Click Download Public Key Certificate. You use this certificate to encrypt the token file that you download from your Apple enrollment system.
  4. In your Apple enrollment system, upload the public key certificate and download the server token file.
  5. Return to the Edit Token dialog in the Maintenance workbench. Browse to the server token file that you downloaded and upload it. Click Save.

Synchronize server tokens

Maintenance synchronizes with your Apple enrollment system every six hours. Synchronization adds any new devices to Maintenance that have enrolled with the server tokens you imported from your Apple enrollment system. It also removes devices from Maintenance that are removed from the server tokens. If you do not want to wait for the scheduled synchronization, you can optionally perform a manual synchronization with your Apple enrollment system.

Make sure that the server tokens are synchronized before users attempt to set up devices. If a user sets up a device before the synchronization occurs, that device will not receive an enrollment profile.

  1. From the Maintenance menu, click Apple Device Enrollment and then click Tokens.

  2. Complete one of the following actions.

    • To synchronize all tokens, click Synchronize All.

    • To synchronize a subset of tokens, select the checkbox for the tokens you want to synchronize and click Synchronize.