Can you Push Apple ID for iCloud and iTunes settings to iOS devices

SOLVED
Stephen86
Conversationalist

Can you Push Apple ID for iCloud and iTunes settings to iOS devices

Hi is there any way with system manager to push the AppleID username and password to an iOS device.

 

We have a small fleet of less then 10 iPads so we use public app store apps instead of VPP app as the apple terms of use allows you to have the app on up to 9 devices and only pay for it once instead of 9 times the price via the VPP. So we need to have the apple ID set in the iTunes setting of the iPad to the account that purchased the apps. 

 

This becomes a problem when we have to change the password on the account as all the devices start prompting for the new password and we don't want to hand out the password to the end users. I looked into using family sharing to get around the but your limited to 5 users in the family group and we have more then that so that not an option.

 

So being able to find a way to push the apple id details to the device would be perfect because if we change the password we could just update the config and push it out again.

1 ACCEPTED SOLUTION
jffortier
Getting noticed

I understand what you are trying to do, but the limit of 9 devices is for one user, you try to install 1 app that you purchase 1 licence into 10 users, that is against the basic rules of software licencing. If you have yourself 2-3 devices you can use the apps for yourself on 2-3 devices, but not sharing with 2-3 friends !

View solution in original post

9 REPLIES 9
jffortier
Getting noticed

I understand what you are trying to do, but the limit of 9 devices is for one user, you try to install 1 app that you purchase 1 licence into 10 users, that is against the basic rules of software licencing. If you have yourself 2-3 devices you can use the apps for yourself on 2-3 devices, but not sharing with 2-3 friends !

Ryan-Zimmerle
Getting noticed

My personal knee jerk reaction here is that you will spend more time managing a non-standard implementation than anything.  If you put a dollar figure on the time it takes to manage this solution, Im betting in the long run going VPP will save you time and as a result money.  The other thing I might mention, VPP with SM scales, where as if you try to scale 20, this solution does not scale.  I don't have all of the details here honestly and I could be totally off base.  I just know from experience at my organizations, I take the Meraki approach, Simplify IT. 

 

I hope this is somehow helpful.

 

Ryan 

PeterJames
Head in the Cloud

@Stephen86

 

Buying the App multiple times (depending on the cost) may seem expensive at the start, but with the Apple DEP/VPP programme you save money in the long run by avoiding unnecessary support costs.

 

And if you only use the device for one App, then I do encourage you to consider SingleApp / Kiosk / App Lock mode. This is different from Guided Access and leaves the device completely in your hands.

 

 


Thank you,
Peter James

 

Stephen86
Conversationalist

Hi

 

@Ryan-Zimmerle 

Thanks for your reply and i totally agree with you that in the long run spending the money now will save money in time and effort to maintain it, and switching to VPP would make the app problem disappear. However I work for a medium size family business and it's almost impossible to justify that kind of spend.

 

Also the other side of this is that the manager wants to be able to use Find my iPad to spot check that the staff are where they said they are.  So unless there is a way that i can give the manger an app for his iPad that is limited to just the Systems Manger Map and only the iPad devices then we still need the apple ID set in the iCloud settings. Unless you or someone has another option that is $0 cost.

 

@jffortier

The last time i checked the terms of use it still read that you could but it has been some time since a last checked them so it may have been changed since then. So thanks for your reply as if it has changed to how your describing it then I will have a valid business case to get the purchase approved through the VPP.

 

 

I totally get you, we also are small family business and I try to get all my working solution from free application, and I donate to developer when I really use and like the apps and it's working fine, bug free and he respond to feature request or fix bug.

 

Is you app that expensive that you can't get it for 10 devices ?

We only need 7 copies of the app which works out to $188 but since we had been doing it on the single license I needed something to justify to the owner of the business why he now needs to spend that money for something that has been working.

 

So i did a check on the terms of use and found the following under the App Store Content section.
Individuals acting on behalf of a commercial enterprise, governmental organization or educational institution (an “Enterprise”) may download and sync Apps for use by either (i) a single individual on one or more devices owned or controlled by an Enterprise; or (ii) multiple individuals on a single shared device owned or controlled by an Enterprise. For the sake of clarity, each device used serially or collectively by multiple users requires a separate license.

 

So the way i read that is if its for business use each device has to have its own licence for the app regardless of weather it's used by a single user and multiple users. This gives me the justification that i need to get the purchase order approved to buy the licenses through the VPP.

 

As for the user tracking for the manager I'm currently playing with the apple app Find My Friends to see if i can make use of that with each user issued there own apple ID so we don't have to hand out the master one. If anyone has a better app i'm open to hearing about it.

@Stephen86 Admittedly when I am unsure of a devices location, I slip it in to lost mode that enables 'Location Service' on that device overriding any settings set for it. Then hit 'request location'. It can flick in/out without the customers even noticing.

 

See the official Meraki document here: [Link]. (We have found devices arrive in Iraq, Lebanon and in some cases customers have left them at the training sites.)

 

Alternatively you could use the 'System Manager' App and enable location services for it. See Meraki documentation here [Link]

 

Thank you,
Peter James

In our case, I've created Apple ID for each device (since ios7, if you activate locate my iPhone with your employee's ID... you are stuck with a lock device unless the employee wants to unlock it, and after firing him... good look!!) Now Apple, with proof of purchase can unlock it for you, but still...

 

I enter that information in the iCloud account and it will use it for the Find My Friend.

This will make sure each device will have a full 5gig of backup storage.

 

I then add those ID into my FMF app so I can track them with my iPhone, not the Meraki website (by the way is not adapted to work on mobile)

 

Using supervised mode, I disable FMF modification, so they can't remove me 🙂

Unable the option to turn off location service, so they can't go ninja !!

Employees don't get the psw for those ID and they all use 2 step authentication and my cell phone is the one used for that. 

This way, employee can use their own Apple ID in the App Store and I push our apps via VPP.

 

The problem with the Meraki MDM app, it will ask at start up to allow location service... but eventually, it asks it again, it happens on my test device, "Do you still grant location tracking even if the app is not working"... so if your employee says NO... the Meraki app location becomes useless and anyway it's not updating regularly. I click "Refresh Location" and I refresh the page 5 mins after... the location is "updated by GPS about 1h ago" !! 

 

@PeterJames I've tested you lock device trick, in my case, it's not working. I left the device lock for 5 mins before unlocking it, refresh location, refresh web pages with force reload data... still location updated 1h ago.

@jffortier If it cant determine its location, it will not update. Did you wait until the pending was complete in the log? And did you refresh the entire web browser page?

 

Unfortunately, this does require a bit of babysitting and a couple of attempts in some cases.


Thank you,
Peter James

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels