Configuring connected services

To ensure your Coro subscription is authorized to remotely manage mobile devices, you must first configure your Coro workspace with the necessary certificates and connections. The operation differs depending on whether you intend to manage iOS or Android devices.

For iOS devices, Apple requires organizations to add a valid Apple Push Notification service (APNs) certificate. A valid APNs certificate can then be used for manual device enrollment, or to configure Coro as an MDM service for organization-owned devices deployed through an Apple Device Enrollment Program (DEP).

For Android devices, Google requires you to connect a Customer Managed Google Enterprise account to your Coro workspace.

To configure your Coro workspace to manage mobile devices, see the following procedures:

Adding an APNs certificate for iOS device management

APNs certificates are used to validate your Coro service when manually enrolling and managing iOS devices, or when configuring Coro as the designated MDM service for your DEP-enrolled devices.

APNs certificates are generated with an authorized Apple ID, and each connected device uses the APNs certificate for authenticating push requests from the server. Thus, each device is inherently connected to Coro through that certificate.

If you replace the certificate, the connection to all enrolled devices will be lost, and each must be manually reenrolled under a new certificate. If your certificate is due to expire, you must renew the existing certificate, using the same Apple ID, in order that your devices can continue to connect.

Important

APNs certificates are valid for a period of 12 months from the point of issue. To continue to use MDM with your currently enrolled iOS devices, you must renew the certificate before the original expires.

To learn more about renewing an existing certificate, see Options for a current certificate.

The following procedure describes how to obtain a new APNs certificate. First, download a Certificate Signing Request (CSR) from Coro. Then, use the CSR to request a APNs certificate from the Apple Push Certificates portal. Finally, you upload the generated certificate back to your Coro Workspace.

Perform the following steps:

  1. From the MDM module page, select the Connected services tab, then select + CONNECT :

    Connect a new service

    note

    If you have yet to configure any MDM services, no page options or tabs are available. Select CONNECT SERVICES to get started.

    The Connect services to Coro MDM dialog appears:

    MDM Settings

  2. Select Apple Push Notification Services (APNs) .

    The Create and connect Apple's APNs certificate dialog appears:

    Create and connect APNs certificate step 1

  3. In step 1, select Download the certificate signing request to obtain the CSR. Download this CSR to your local workstation. Select NEXT to continue.
  4. In step 2, use the link to access the Apple Push Certificates portal:

    Create and connect APNs certificate step 2

  5. Follow the steps on the Apple portal to obtain your APNs certificate.
    note

    Refer to Apple's documentation for full details.

  6. Return to the Coro console and select NEXT to continue.
  7. In step 3, use the Upload certificate box to upload the generated APNs certificate to Coro:

    Create and connect APNs certificate step 3

  8. (Optional) Add a note to describe the certificate. As certificate renewal requires you to use the same Apple ID, Coro recommends including this information here.
  9. Select UPLOAD CERTIFICATE to continue:

    Create and connect APNs certificate final step

  10. After the upload has successfully completed, select DONE to exit the dialog.

Options for a current certificate

To view your current APNs certificate, select the Connected services tab. Coro presents all currently configured Apple certificates and services under Apple Services:

Currently connected Apple services

Locate Push Notification Services (APNs), then select the adjacent three-dot action menu. Choose from:

  • View : View a dialog showing more details.
  • Remove : Delete the certificate. See warning below.

The Apple Push Notification services (APNs) dialog accessed through the View action provides details for the current certificate:

Viewing an APNs certificate

In this dialog, you can:

  • RENEW CERTIFICATE : Upload a renewal for the current certificate.

    APNs certificates are valid for a period of 12 months. You can renew a certificate for a further 12 months, but you must use the same Apple ID used to generate the original certificate.

    Important

    When you need to renew a APNs certificate, you must first use the Apple Push Certificates Portal to obtain the updated certificate. Login to the portal, locate your current certificate, and use the renew option provided. DO NOT GENERATE A NEW CERTIFICATE as your enrolled devices will not recognize the new certificate and will need to be re-enrolled, even if you use the same original Coro CSR file and Apple ID. After you have obtained the renewed certificate, upload it to your Coro workspace through this option.

  • REMOVE CERTIFICATE : Deletes the current certificate and removes the connection to all enrolled iOS devices.
    Important

    This process is irreversible. Only remove the certificate if you are sure of the outcome.

Connecting to an Apple Device Enrollment Program

note

Before you can perform this procedure, first configure a valid APNs certificate. See iOS - adding an APNs certificate.

Coro can connect to an Apple Device Enrollment Program (DEP) to be authorized for management of organization owned and deployed iOS devices. Coro supports two DEP variants:

  • Apple Business Manager (ABM)
  • Apple School Manager (ASM)

In both cases, before you can designate Coro as an MDM service for devices in the program, you must set up a valid connection between Coro MDM and the selected DEP. This process requires you to obtain a public key from Coro, upload it to your ABM or ASM account, generate a token file, and upload this token back to Coro. This establishes the secure connection required to enable Coro as an MDM option in your Apple DEP console.

Important

Apple DEP tokens are valid for a period of 12 months from the point of issue. To continue to use Coro MDM with your DEP-deployed iOS devices, you must renew the token before the original expires. Failure to do so can mean your devices are disenrolled.

To connect Coro MDM to an Apple DEP, perform the following steps:

  1. From the MDM module page, select the Connected services tab, then select + CONNECT :

    Connect a new service

    The Connect services to Coro MDM dialog appears:

    MDM Settings

    note

    If you have yet to configure an APNs certificate, Coro does not provide a DEP option.

  2. Select Device Enrollment Program (DEP) .

    The Create and connect Apple's DEP service dialog appears.

  3. In step 1, select your program (ABM or ASM), then select NEXT to continue:

    Create and connect DEP service dialog

  4. In step 2, select Download public key to download a public key file from Coro. Save it to your local workstation, then select NEXT to continue:

    Create and connect DEP service step 2

  5. Follow the instructions shown in step 3 to add Coro as an MDM service in your ABM or ASM service:

    Create and connect DEP service step 3

    note

    Refer to Apple's documentation for full details.

  6. Return to the Coro console and select NEXT to continue.
  7. In step 4, use the Upload token box to select the generated ABM or ASM token file obtained from the previous step:

    Create and connect DEP service step 4

  8. Select UPLOAD TOKEN to continue:

    Create and connect DEP service final step

  9. After the upload has successfully completed, select DONE to exit the dialog.

Options for an existing connection

To view your current DEP connection information, select the Connected services tab. Coro presents all currently configured Apple certificates and services under Apple Services:

Currently connected Apple services

Locate Device Enrollment Program (DEP), then select the adjacent three-dot action menu. Choose from:

  • View : View a dialog showing more details.
  • Remove : Delete the connection. See warning below.

The Apple Device Enrollment Program (DEP) dialog accessed through the View action provides details for the current connection:

Viewing a DEP connection

In this dialog, you can:

  • RENEW TOKEN : Upload a renewal for the current connection.

    DEP connection tokens are valid for a period of 12 months. You can renew a token for a further 12 months, but you must use the same Apple ID used to generate the original.

  • REMOVE TOKEN : Deletes the current connection and removes all DEP-enrolled iOS devices from Coro MDM.
    Important

    This process is irreversible. Only remove the token if you are sure of the outcome.

Connecting a Customer Managed Google Enterprise account

To manage Android devices, connect Coro to your Customer Managed Google Enterprise account. This provides the necessary authorization for enrolled devices to authenticate requests from the server.

Important

To perform this process, you must have a Google account capable of accessing the Google Enterprise service.

To connect a Customer Managed Google Enterprise account, perform the following steps:

  1. From the MDM module page, select the Connected services tab, then select + CONNECT :

    Connect a new service

    note

    If you have yet to configure any MDM services, no page options or tabs are available. Select CONNECT SERVICES to get started.

    The Connect services to Coro MDM dialog appears:

    MDM Settings

  2. Select Google Enterprise .

    Coro shows a connection dialog:

    Launch Google Enterprise dialog

  3. To start the Google Enterprise configuration process, select LAUNCH GOOGLE ENTERPRISE .
  4. Follow the steps in the Google Enterprise portal to register or select your account.
    note

    Refer to Google's documentation for full details.

  5. Return to the Coro console and observe that the Customer Managed Google Enterprise connection is shown:

    A connected Google Enterprise account

Options for a current connection

On this page, you can:

  • REMOVE CONNECTION : Deletes the current connection and removes all enrolled Android devices.
    Important

    This process is irreversible. Only remove the connection if you are sure of the outcome.

  • ADD NOTE : Add more information about the account you used to create the connection.