Supported editions for this feature: Frontline Starter and Frontline Standard; Business Plus; Enterprise; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials and Enterprise Essentials Plus; G Suite Basic and G Suite Business; Cloud Identity Premium. Compare your edition
To use advanced management with Apple iOS devices, you need an Apple push certificate. The certificate establishes a trusted connection between iOS devices and your organization's domain.
Note: You must renew the certificate yearly. If your certificate expires before you renew it, you must set up a new certificate. When you do, your iOS users must unregister and re-register in the Google Device Policy app to synchronize Google Workspace data. For details, see Use the iOS Google Device Policy app
Before you begin
- You need an Apple ID and password to complete this procedure. If you don't have an Apple ID, you can create one during the procedure. Use a work email address when you create the ID so an administrator can easily renew the certificate.
- Don’t reload your browser window or navigate away from any displayed page while you create the certificate. This process helps ensure that the certificate-signing request you submit matches the signed certificate you receive.
Create an Apple push certificate
Step 1: Download a certificate signing request
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu DevicesMobile & endpointsSettingsiOS.
Click Apple certificatesSet Up New Certificate.
Under Certification Request, click Get CSR.
Save the certificate signing request (.csr) file to a convenient location where you can access it later. Download this file only once.
Step 2: Get a signed certificate from Apple
- (Optional) If you don’t have an Apple ID, click Create an Apple ID and enter your details.
- From your Admin console, click Apple Push Certificates Portal and sign in to the portal with your Apple ID and password.
- Click Choose File and select the certificate signing request (.csr) file you saved earlier.
- To submit the request file, click Upload.
Apple accepts the request and displays a confirmation page with your service type, vendor domain, and the expiration date for this certificate.
- Click Download and save the signed certificate (.pem) file. Download this file only once.
- Go back to your Admin console tab or window.
Step 3: Upload your signed certificate
- Under Enter Business Apple ID, enter the Apple ID you used to create the certificate. Your ID is automatically saved to remind you when you renew the certificate.
- Click Upload Certificate and select the certificate (.pem) file you saved from the Apple Confirmation page.
- Click Save & Continue.
The system verifies and uploads the signed certificate. If you have problems, make sure the signed certificate you submitted is the one you saved in step 1. If you find multiple signing requests on your system, delete them all and start again.
iOS devices that already synchronize work data get a notification to install the Google Device Policy profile. The profile checks if the device is compliant with the policies you set. Compliant devices can continue to sync work data. Users of noncompliant devices get a notification and need to fix the problem before they can sync work data. New devices that enroll for management must install the Device Policy profile before they can sync work data.
Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.