Configuring connected services
To ensure your Coro subscription is authorized to remotely manage mobile devices, you must first configure your Coro workspace with the necessary certificates and connections. The operation differs depending on whether you intend to manage iOS or Android devices.
For iOS devices, Apple requires organizations to add a valid Apple Push Notification service (APNs) certificate. A valid APNs certificate can then be used for manual device enrollment, or to configure Coro as an MDM service for organization-owned devices deployed through an Apple Device Enrollment Program (DEP).
For Android devices, Google requires you to connect a Customer Managed Google Enterprise account to your Coro workspace.
To configure your Coro workspace to manage mobile devices, see the following procedures:
- iOS - adding an APNs certificate
- iOS - connecting to a DEP
- Android - connecting to a Google Enterprise account
Adding an APNs certificate for iOS device management
APNs certificates are used to validate your Coro service when manually enrolling and managing iOS devices, or when configuring Coro as the designated MDM service for your DEP-enrolled devices.
APNs certificates are generated with an authorized Apple ID, and each connected device uses the APNs certificate for authenticating push requests from the server. Thus, each device is inherently connected to Coro through that certificate.
If you replace the certificate, the connection to all enrolled devices will be lost, and each must be manually reenrolled under a new certificate. If your certificate is due to expire, you must renew the existing certificate, using the same Apple ID, in order that your devices can continue to connect.
Important
APNs certificates are valid for a period of 12 months from the point of issue. To continue to use MDM with your currently enrolled iOS devices, you must renew the certificate before the original expires.
To learn more about renewing an existing certificate, see Options for a current certificate.
The following procedure describes how to obtain a new APNs certificate. First, download a Certificate Signing Request (CSR) from Coro. Then, use the CSR to request a APNs certificate from the Apple Push Certificates portal. Finally, you upload the generated certificate back to your Coro Workspace.
Perform the following steps:
-
From the MDM module page, select the
Connected services
tab, then select
+ CONNECT
:
note
If you have yet to configure any MDM services, no page options or tabs are available. Select CONNECT SERVICES to get started.
The Connect services to Coro MDM dialog appears:
-
Select
Apple Push Notification Services (APNs)
.
The Create and connect Apple's APNs certificate dialog appears:
- In step 1, select Download the certificate signing request to obtain the CSR. Download this CSR to your local workstation. Select NEXT to continue.
-
In step 2, use the link to access the
Apple Push Certificates
portal:
-
Follow the steps on the Apple portal to obtain your APNs certificate.
note
Refer to Apple's documentation for full details.
- Return to the Coro console and select NEXT to continue.
-
In step 3, use the
Upload certificate
box to upload the generated APNs certificate to Coro:
- (Optional) Add a note to describe the certificate. As certificate renewal requires you to use the same Apple ID, Coro recommends including this information here.
-
Select
UPLOAD CERTIFICATE
to continue:
- After the upload has successfully completed, select DONE to exit the dialog.
Options for a current certificate
To view your current APNs certificate, select the Connected services tab. Coro presents all currently configured Apple certificates and services under Apple Services:
Locate Push Notification Services (APNs), then select the adjacent three-dot action menu. Choose from:
- View : View a dialog showing more details.
- Remove : Delete the certificate. See warning below.
The Apple Push Notification services (APNs) dialog accessed through the View action provides details for the current certificate:
In this dialog, you can:
-
RENEW CERTIFICATE
: Upload a renewal for the current certificate.
APNs certificates are valid for a period of 12 months. You can renew a certificate for a further 12 months, but you must use the same Apple ID used to generate the original certificate.
Important
When you need to renew a APNs certificate, you must first use the Apple Push Certificates Portal to obtain the updated certificate. Login to the portal, locate your current certificate, and use the renew option provided. DO NOT GENERATE A NEW CERTIFICATE as your enrolled devices will not recognize the new certificate and will need to be re-enrolled, even if you use the same original Coro CSR file and Apple ID. After you have obtained the renewed certificate, upload it to your Coro workspace through this option.
-
REMOVE CERTIFICATE
: Deletes the current certificate and removes the connection to all enrolled iOS and iPadOS devices.
Important
This process is irreversible. Only remove the certificate if you are sure of the outcome.
Connecting to an Apple Device Enrollment Program
note
Before you can perform this procedure, first configure a valid APNs certificate. See Adding an APNs certificate.
Coro can connect to an Apple Device Enrollment Program (DEP) to be authorized for management of organization owned and deployed iOS and iPadOS devices. Coro supports two DEP variants:
- Apple Business Manager (ABM)
- Apple School Manager (ASM)
In both cases, before you can designate Coro as an MDM service for devices in the program, you must set up a valid connection between Coro MDM and the selected DEP. This process requires you to obtain a public key from Coro, upload it to your ABM or ASM account, generate a token file, and upload this token back to Coro. This establishes the secure connection required to enable Coro as an MDM option in your Apple DEP console.
Important
Apple DEP tokens are valid for a period of 12 months from the point of issue. To continue to use Coro MDM with your DEP-deployed devices, you must renew the token before the original expires. Failure to do so can mean your devices are disenrolled.
To connect Coro MDM to an Apple DEP, perform the following steps:
-
From the MDM module page, select the
Connected services
tab, then select
+ CONNECT
:
The Connect services to Coro MDM dialog appears:
note
If you have yet to configure an APNs certificate, Coro does not provide a DEP option.
-
Select
Device Enrollment Program (DEP)
.
The Create and connect Apple's DEP service dialog appears.
-
In step 1, select your program (ABM or ASM), then select
NEXT
to continue:
-
In step 2, select
Download public key
to download a public key file from Coro. Save it to your local workstation, then select
NEXT
to continue:
-
Follow the instructions shown in step 3 to add Coro as an MDM service in your ABM or ASM service:
note
Refer to Apple's documentation for full details.
- Return to the Coro console and select NEXT to continue.
-
In step 4, use the
Upload token
box to select the generated ABM or ASM token file obtained from the previous step:
-
Select
UPLOAD TOKEN
to continue:
- After the upload has successfully completed, select DONE to exit the dialog.
Options for an existing connection
To view your current DEP connection information, select the Connected services tab. Coro presents all currently configured Apple certificates and services under Apple Services:
Locate Device Enrollment Program (DEP), then select the adjacent three-dot action menu. Choose from:
- View : View a dialog showing more details.
- Remove : Delete the connection. See warning below.
The Apple Device Enrollment Program (DEP) dialog accessed through the View action provides details for the current connection:
In this dialog, you can:
-
RENEW TOKEN
: Upload a renewal for the current connection.
DEP connection tokens are valid for a period of 12 months. You can renew a token for a further 12 months, but you must use the same Apple ID used to generate the original.
-
REMOVE TOKEN
: Deletes the current connection and removes all DEP-enrolled iOS and iPadOS devices from Coro MDM.
Important
This process is irreversible. Only remove the token if you are sure of the outcome.
Connecting a Customer Managed Google Enterprise account
To manage Android devices, connect Coro to your Customer Managed Google Enterprise account. This provides the necessary authorization for enrolled devices to authenticate requests from the server.
Important
To perform this process, you must have a Google account capable of accessing the Google Enterprise service.
To connect a Customer Managed Google Enterprise account, perform the following steps:
-
From the MDM module page, select the
Connected services
tab, then select
+ CONNECT
:
note
If you have yet to configure any MDM services, no page options or tabs are available. Select CONNECT SERVICES to get started.
The Connect services to Coro MDM dialog appears:
-
Select
Google Enterprise
.
Coro shows a connection dialog:
- To start the Google Enterprise configuration process, select LAUNCH GOOGLE ENTERPRISE .
-
Follow the steps in the
Google Enterprise
portal to register or select your account.
note
Refer to Google's documentation for full details.
-
Return to the Coro console and observe that the Customer Managed Google Enterprise connection is shown:
Options for a current connection
On this page, you can:
-
REMOVE CONNECTION
: Deletes the current connection and removes all enrolled Android devices.
Important
This process is irreversible. Only remove the connection if you are sure of the outcome.
- ADD NOTE : Add more information about the account you used to create the connection.