Managing iOS Supervision Identities

Supervision identities are certificates added to iOS devices during enrollment in Apple's Device Enrollment Program (DEP). They help ensure only trusted computers can connect to and manage these iOS devices, making them more secure in business environments.

TIP: Only systems with the correct Supervision identities can pair with the supervised devices provided the Allow Supervised Pairing option is disabled. Refer to the Allow Supervised Pairing option for more information.

Accessing Supervision Identity Settings

To access the Supervision Identities,

  1. Select the Settings tab in top navigation.
  2. Select Apple Settings > DEP Profiles.
  3. Select a DEP profile to open the profile details.
  4. Select Supervision Identities section.
  5. Here you can perform the following actions:
    1. Click Add to add Supervision Identity. You can add it in three ways,
      1. Create new - creating a new certificate directly from the profile.
      2. Add Existing - adding existing certificate from Library
      3. Upload - upload the certificate.

      TIP: If multiple profiles are selected, the Add button is disabled.

    2. Click Remove From DEP Profile – to remove the Supervision Identity from the profile.
    3. Click Download – to download the certificate.
    4. Click View Password – to view the password of the certificate.

Adding a New Supervision Identity

You can add a supervision identity using any of the following methods:

  1. Creating a new Supervision Identity:
    1. Select the Settings tab in top navigation.
    2. Select Apple Settings > DEP Profiles.
    3. Select a DEP profile to open the profile details.
    4. Select Supervision Identities section.
    5. Click Add and then click the Create New option.
    6. Provide a Friendly Name (must be 5–32 alphanumeric characters with single spaces allowed).
    7. Enter and confirm a Password for the certificate file.
    8. Click Save.

    NOTE: Linking a Supervision identity does not immediately inject it into the device. Devices must be factory reset and re-enrolled for the new supervision identity to take effect.

  2. Adding Supervision Identity from Library
    1. Select the Settings tab in top navigation.
    2. Select Apple Settings > DEP Profiles.
    3. Select a DEP profile to open the profile details.
    4. Select Supervision Identities section.
    5. Click Add and then click the Add Existing option.
    6. From the Certificate Library, select one of the existing certificates that can be used as a supervision identity.
    7. Click Add.

    NOTE: You can reuse supervision identities across multiple DEP profiles using this method.

  3.  Uploading a Certificate
    1. Select the Settings tab in top navigation.
    2. Select Apple Settings > DEP Profiles.
    3. Select a DEP profile to open the profile details.
    4. Select Supervision Identities section.
    5. Click the Upload option.

      NOTE: This certificate must be in the correct format or exported from Apple Configurator to be used as a supervision identity.

    6. Browse and select the exported .p12 certificate file.
      The file size cannot exceed 2 GB.

      NOTE: To import a supervision identity, see instructions here - Generate or choose a supervision identity

    7. In the Description field, add a short description.
    8. In the Password field, enter the password used during certificate export.
    9. Click Save.

 

Connecting a Supervised iOS Device to Apple Configurator

When connecting a supervised iOS device to Apple Configurator, the application checks for a matching supervision identity in its key chain. The behavior depends on whether the supervision identity is present or not.

  • If the Supervision Identity is present
    The device appears in Apple Configurator and can be managed without interruption.
  • If the Supervision Identity is not present
    The Apple Configurator displays a warning message indicating that the identity is missing.

    To resolve this issue, follow the steps to import the correct supervision identity into Apple Configurator:

    • Open Apple Configurator.
    • From the menu bar, select Settings > Organizations.
    • Click the + button to add a new Organization.
    • On the Sign in screen, click Skip.
    • Enter the Organization details as needed.
    • When prompted, choose Use an existing Supervision Identity, select the appropriate identity from the key chain .

    Once the identity is imported, the supervised device will appear in Apple Configurator and can be reset or modified as required.