About ADE Token Management
Automated Device Enrollment (ADE) tokens require periodic renewal and management to maintain device enrollment capabilities. This process allows you to efficiently manage multiple ADE tokens using API automation, reducing manual effort and ensuring consistent token lifecycle management.How It Works
ADE token management involves using the Iru Endpoint API through Postman to perform bulk operations on multiple tokens. The process includes configuring API access, setting up environment variables, downloading tokens from Apple Business Manager, and using automated workflows to renew, update, or delete tokens efficiently.If you do not feel confident in completing this process yourself, please reach out to Iru Endpoint Support for additional guidance.
Prerequisites
- Access to Iru Endpoint with API token creation permissions
- Postman application installed and configured
- Access to Apple Business Manager
- Multiple ADE tokens that need renewal or management
- Basic understanding of API operations and Postman workflows
Configuring Iru Endpoint API Token
Prepare API Token and store it in a secure location. You can read more about this in our Iru Endpoint API article. You can skip this section if you already have an API Token prepared.1
Create or Modify API Token
Create a new API Token or modify an existing one with the required permissions.
2
Navigate to API Settings
In your Iru Endpoint tenant, navigate to Settings > Access > API Tokens.
3
Configure Permissions
Create or modify the existing API Token to include all Automated Device Enrollment-related permissions.
Preparing Postman
Most of the steps moving forward will be performed inside the Postman application on your device. You can skip this section if you already have Postman configured.1
Verify Collection Structure
Check your Collection for the Automated Device Enrollment integrations folder.
2
Define API URL
Define your API URL if undefined in the Iru Endpoint API folder at the top of the collection.
3
Configure Environment Variables
Define the API Token in your Environment variables following our How to Set Up the Iru Endpoint API in Postman article.
Configuring Postman Environment Variables
Now that the basics of Postman have been configured, you will need to define some Environment Variables in Postman to keep track of the Automated Device Enrollment servers.1
Create Environment Variables
In Postman, click the Environments tab in the left sidebar, then click Create Environment to create a new environment. Name your environment (e.g., “Iru Endpoint API”) and add the following variables:
- Variable:
base_url- Initial Value:
https://api.kandji.io/api/v1 - Current Value:
https://api.kandji.io/api/v1
- Initial Value:
- Variable:
token- Initial Value:
your_api_token_here - Current Value:
your_api_token_here
- Initial Value:
2
Add to Existing Variables
If you already have environment variables configured, you can add the new items to the existing variables.
3
List ADE Integrations
Navigate to Iru Endpoint API > Automated Device Enrollment Integrations > GET List ADE Integrations in the Collection.
4
Execute Request
Click the Send button to execute the request.
5
Copy Token IDs
In the Body section of the Results, copy the top-level IDs of each Automated Device Enrollment token.
6
Create Token Variables
For each token ID, create an environment variable with a naming scheme such as
ade_token_1, ade_token_2, etc., incrementing the number for each token.7
Note Server Names
Make a note of the associated
server_name for each token. You will need this information when downloading the tokens from Apple Business Manager.8
Set Variable Values
Paste the ID value for each token into the corresponding
ade_token_# variable (e.g., ade_token_1, ade_token_2).9
Secure Variables
You can set the variable type to secret so that the value of the variable is not visible.
Downloading ADE Tokens
1
Access Apple Business Manager
Log in to your Apple Business Manager account.
2
Navigate to Preferences
Click on your profile in the bottom left and choose Preferences.
3
Select MDM Server
Click on the first MDM server that matches the first ADE token from the list you made earlier.
4
Download Token
Click Download MDM Server Token.
5
Repeat for All Tokens
Repeat this process for each token that you will be renewing.
Creating Postman Folder Template
Creating folders in Postman will make it easier to keep track of your Automated Device Enrollment tokens.1
Access Folder Options
Click on the ellipse next to the Automated Device Enrollment Integrations folder.
2
Add New Folder
Click Add folder.
3
Name the Folder
Name the folder ADE_Token1.
4
Select Integration Items
Navigate to the Automated Device Enrollment Integrations folder and select the Renew ADE Integration and Update ADE Integration items.
5
Copy Items
Right-click the selected items and choose Copy.
6
Access New Folder
Click on the ellipse next to the ADE_Token1 folder.
7
Paste Items
Click Paste to add the copied items to the new folder.
Modifying Renew Item
1
Select Renew Item
Select the Renew ADE Integration item from your token folder.
2
Rename Item
Rename it to Renew ADE1 Integration (or Renew ADE2 Integration, etc., based on your token number).
3
Update Address Bar
In the section to the right, click on the address bar to the left of the Send button.
4
Update Token Variable
Select the text inside
{{ade_token_ade}} and update it to {{ade_token_1}} (or {{ade_token_2}}, etc., based on your token number).5
Configure Body
Click on the Body tab below.
6
Enter Token Details
Enter the
blueprint_id, phone, and email that should be associated with the token.7
Select Token File
For the file, click x by any current files, and then click Select Files.
8
Choose P7M File
Choose the .p7m file that matches this ADE token.
9
Save Changes
Save the changes.
Modifying Update Item
1
Select Update Item
Select the Update ADE Integration item from your token folder.
2
Rename Item
Rename it to Update ADE1 Integration (or Update ADE2 Integration, etc., based on your token number).
3
Update Address Bar
In the section to the right, click on the address bar to the left of the Send button.
4
Update Token Variable
Select the text inside
{{ade_token_ade}} and update it to {{ade_token_1}} (or {{ade_token_2}}, etc., based on your token number).5
Configure Body
Click on the Body tab below.
6
Enter Update Information
This is where you can enter new
blueprint_id, phone, and email information.7
Save Changes
Save the changes.
Duplicating ADE_Token Folder
1
Access Folder Options
Click on the ellipse next to the ADE_Token1 folder.
2
Duplicate Folder
Choose Duplicate.
3
Update Folder Contents
Update the contents of the folder using the process above.
4
Create Additional Folders
Make duplicates of the folder for each of your ADE tokens.
Renewing ADE Integration
Now that everything is configured, you can send the Renew command.1
Select Renew Command
Navigate to the specific token folder you created (e.g., ADE_Token1, ADE_Token2, etc.) and select the Renew ADE1 Integration (or Renew ADE2 Integration, etc.) item that corresponds to your token number.
2
Execute Command
Click the Send button.
Updating ADE Integration
Updating the ADE Integration will allow you to change the associated Blueprint ID, phone number, and email address.1
Select Update Command
Navigate to the specific token folder you created (e.g., ADE_Token1, ADE_Token2, etc.) and select the Update ADE1 Integration (or Update ADE2 Integration, etc.) item that corresponds to your token number.
2
Update Details
Update the details in the Body section that need updating.
3
Execute Command
Click the Send button.
Checking Current Integrations
Iru Endpoint API > Automated Device Enrollment Integrations > GET List ADE Integrations command will give us all current ADE integrations so that we can verify that the integration was Renewed or Updated successfully.1
Select List Command
Select Iru Endpoint API > Automated Device Enrollment Integrations > GET List ADE Integrations in the Collection.
2
Execute Command
Click the Send button.
3
Verify Renewal
The
days_left variable should be 364 if the Renew command was successful.4
Verify Updates
To verify an update, check the information associated with the ADE token to verify that it was updated.
Deleting Integration
Iru Endpoint API > Automated Device Enrollment Integrations > DEL Delete ADE Integration command will delete the ADE integration associated with the supplied ADE Token ID.1
Select Delete Command
Select Iru Endpoint API > Automated Device Enrollment Integrations > DEL Delete ADE Integration in the Collection.
2
Set Token ID
Populate the
ade_token_id variable with the ID of the ADE Token.3
Execute Command
Click the Send button.
Considerations
- API Token Security: Ensure API tokens are stored securely and have appropriate permissions for ADE operations
- Environment Variables: Use environment variables to manage multiple token IDs efficiently
- Token Lifecycle: ADE tokens have expiration dates and require periodic renewal to maintain enrollment capabilities
- Apple Business Manager Access: Ensure you have proper access to download tokens from Apple Business Manager
- Postman Configuration: Proper Postman setup is essential for successful API operations
- Token File Management: Keep track of downloaded .p7m files and associate them with correct token IDs
- Verification Process: Always verify successful operations by checking integration status and token expiration
- Bulk Operations: Use folder templates to efficiently manage multiple tokens
- Error Handling: Be prepared to troubleshoot API errors and token validation issues
- Documentation: Keep records of token configurations and associated server names
- Testing: Test operations on a small scale before performing bulk operations
- Backup Strategy: Maintain backups of token configurations and API settings
- Access Control: Ensure only authorized personnel have access to token management operations
- Monitoring: Regularly monitor token expiration dates and renewal schedules