Apple Platform Deployment
Active Directory Certificate MDM payload settings for Apple devices
You can use Active Directory Certificate settings for Mac computers enrolled in a mobile device management (MDM) solution. Use the Active Directory Certificate payload to set authentication information for Active Directory Certificate servers. Active Directory Certificate servers bind a user identity or device to a private key that is stored in a directory server. This payload lets the device or user use the stored key for service encryption and authentication. To bind a Mac to Active Directory, see the Directory Service payload.
The Active Directory Certificate payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.ADCertificate.managed
Supported operating systems and channels: macOS device, macOS user.
Supported enrolment types: User Enrolment, Device Enrolment, Automated Device Enrolment.
Duplicates allowed: True — more than one Active Directory Certificate payload can be delivered to a user or device.
You can use the settings in the table below with the Active Directory Certificate payload.
Setting | Description | Required
---|---|---
Description | The description of the certificate request. | Yes
Certificate hostname | The IP address or fully qualified domain name (FQDN) of the certificate server. | Yes
Certificate authority | The name of the certificate authority (the common name or CN attribute value of the directory entry at “CN=<your CA>,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,<your base DN>”) | Yes
Certificate template | The name of the template. | Yes
Certificate expiry notification threshold | The number of days before the certificate expires at which to begin showing the expiry notification. | Yes
RSA key size | The key size for the certificate signing request. | Yes
Prompt for credentials | You can prompt users to enter their credentials. | No
Account username and password | The username and password credentials (optional for users and groups, unnecessary for devices and device groups). | No
Allow access to all apps | By default, only selected processes, such as Wi-Fi and VPN, can access this certificate. Enable this option to allow all apps to access this certificate. | No
Allow export from the Keychain | This allows the private key to be exported from the Keychain. | No
Enable auto-renewal | This allows the certificate to attempt an auto-renewal from the server. | No
Note: Each MDM vendor implements these settings differently. To learn how various Active Directory Certificate settings are applied to your devices and users, consult your MDM vendor’s documentation.
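The following added example (not part of Apple's documentation or any MDM vendor's code) audits an exported, unsigned configuration profile for the settings in the table that widen access to the private key. The payload key names (`AllowAllAppsAccess`, `KeyIsExtractable`, `Keysize`, `Password`, `EnableAutoRenewal` and the others in the sample) are assumed from Apple's configuration profile reference, and the 2048-bit minimum is a hypothetical local policy; check both against what your MDM actually exports.

```python
import plistlib

AD_CERT_TYPE = "com.apple.ADCertificate.managed"  # payload identifier from this page

# Constructed sample profile. Key names are assumptions taken from Apple's
# configuration profile reference, not from this page.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": AD_CERT_TYPE,
        "Description": "Wi-Fi machine certificate",
        "CertServer": "ca.example.internal",
        "CertificateAuthority": "Example Issuing CA",
        "CertTemplate": "Machine",
        "CertificateRenewalTimeInterval": 14,
        "Keysize": 1024,
        "AllowAllAppsAccess": True,
        "KeyIsExtractable": True,
        "EnableAutoRenewal": False,
        "UserName": "svc-enroll",
        "Password": "constructed-placeholder",
    }],
})

def audit_ad_cert_payloads(profile_bytes, min_key_bits=2048):
    """Return (description, finding) tuples for risky AD Certificate settings."""
    findings = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != AD_CERT_TYPE:
            continue  # other payload types are out of scope here
        name = payload.get("Description", "<no description>")
        checks = [
            (payload.get("AllowAllAppsAccess") is True,
             "all apps can use the certificate"),
            (payload.get("KeyIsExtractable") is True,
             "private key is exportable from the keychain"),
            (payload.get("Keysize", min_key_bits) < min_key_bits,
             f"RSA key smaller than {min_key_bits} bits"),
            ("Password" in payload,
             "static password embedded in the profile"),
            (payload.get("EnableAutoRenewal") is False,
             "auto-renewal is disabled"),
        ]
        findings += [(name, message) for hit, message in checks if hit]
    return findings

if __name__ == "__main__":
    for name, message in audit_ad_cert_payloads(SAMPLE_PROFILE):
        print(f"{name}: {message}")
```

Only settings that are explicitly present in the payload are flagged; a missing key is left to the platform default, which this script does not assume.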