The Supervision Identity allows pairing with your iOS devices, even if the MDM DEP profile assigned to your devices does not allow pairing with other hosts. The option effectively secures devices while retaining management capabilities with GroundControl.
The Supervision Identity is unique to your organization in GroundControl. We export only the “public” component of the supervision; the private key is kept encrypted and is not exportable. Also, GroundControl stores its pairing information in a private database. So this operation to permit pairing to GroundControl does NOT allow other apps on the same host — such as iTunes, Configurator, etc. — to manage the device.
As always, changes to DEP profiles only can affect devices during activation. Therefore already-activated devices will need to be erased and re-activated to receive these settings. This is unfortunate, but it is a limitation of DEP.
The process below will pre-load GroundControl’s identity to your devices during DEP activation. The identity allows GroundControl to do more with your DEP devices:
- Avoid the “Trust this Computer?” prompt; instead devices pair automatically with any Launchpad app for your organization, even if your DEP profile prohibits pairing
- Set Wallpaper
- Launch Apps
- Enable App Lock
- Hide Apps
- Set Restrictions
- Restore a backup, including system settings, if you follow special instructions
- Removes the “Unpaired. Please reconnect.” status message.
Specific instructions for various MDM systems are included below.
Step 1: Export the Supervision Identity
In GroundControl’s admin console, click on Admin tab > DEP. Then click on the link to export your supervision identity.
GroundControl will save a cryptographic file in .crt format. Keep this file for the next step.
Step 2: Import the identity into your MDM
The instructions are different depending on your MDM.
Step 3: Test pairing
Pairing records are remembered by the host, and survive device erases. So testing can easily be contaminated by old data. Follow these steps to make sure you are testing correctly.
Test A (single Launchpad):
- Erase a DEP device and configure it by hand, without using GroundControl. This ensures GroundControl does not grab the pairing record from the erased device.
- On your Launchpad choose “Reset Launchpad” from the File menu (Windows) or Launchpad menu (Mac). This will remove any saved pairing records from that Launchpad. Register the Launchpad when prompted.
- Now plug in the device to the host. After a few moments, you should see the device show up as “DEP, Limited operations available.” You should NOT see the trust prompt on the device. This means that GroundControl has successfully paired with the device, without additional prompts.
Test B (multiple Launchpads):
- Begin by resetting the Launchpads on at least two computers. Then register both Launchpads and have the software running.
- On computer 1, deploy a DEP-enabled GroundControl workflow to one device. Make sure the device is past all setup screens for the next step.
- Plug in the configured device into the second computer. After a few moments, you should see the device show up as “DEP, Limited operations available.” You should NOT see the trust prompt on the device. This means that GroundControl has successfully paired with the device, without additional prompts
These steps are not required for non-DEP (“Manage with GroundControl”) deployments.