Education Configuration Payload¶
The Education Configuration Payload defines the users, groups, and departments within an educational organization.
- All identities must be configured as both SSL clients and servers.
- Leader certificates must have the common name prefix “leader” (case insensitive).
- Member certificates must have the common name prefix “member” (case insensitive).
Template
Contents
Summary¶
| PayloadType: | com.apple.education |
|---|---|
| Supervised Only: | |
| True | |
| macOS: | N/A |
| macOS Deprecated: | |
| N/A | |
| iOS: | 9.3 |
| iOS Deprecated: | N/A |
| Highlander: | N/A |
Keys¶
OrganizationUUID¶
Organization Identifier
This can be any valid UUID. All teacher and student devices that need to communicate with one another must have the same OrganizationUUID, particularly if they originated from different Device Enrollment Programs.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | always | ^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$ | N/A | N/A | N/A |
OrganizationName¶
Organization Display Name
This name will be shown in the iOS login screen.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | always | N/A | N/A | N/A | N/A |
PayloadCertificateUUID¶
Client Authentication Certificate UUID
The UUID of an identity certificate payload that will be used to perform client authentication with other devices.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | always | ^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$ | N/A | N/A | N/A |
LeaderPayloadCertificateAnchorUUID¶
Leader Peer Identities
An array of UUIDs referring to certificate payloads that will be used to authorize leader peer certificate identities. This array must contain all certificates needed to validate the entire chain of trust. Leader certificates must have the common name prefix leader (case insensitive).
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
MemberPayloadCertificateAnchorUUID¶
Group Member Peer Identities
An array of UUIDs referring to certificate payloads that will be used to authorize group member peer certificate identities. This array must contain all certificates needed to validate the entire chain of trust. Member certificates must have the common name prefix member (case insensitive).
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
UserIdentifier¶
Device User
A unique string that identifies the user of this device within the organization.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| string | N/A | N/A | N/A | N/A | N/A | N/A |
Departments¶
Departments
Shared: An array of dictionaries that define departments that are shown in the iOS login window. Leader: An array of dictionaries that define departments that are shown in the Classroom app.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
Department Items¶
| Name | Type | Title | Description | Required |
|---|---|---|---|---|
| Name | string | Department Display Name | The display name of the department. | always |
| GroupBeaconIDs | array | Group Beacon Identifiers | group beacon identifiers that are members of this department. | always |
Groups¶
Groups
Shared: An array of dictionaries that define groups that the user can select in the login window. Leader: An array of dictionaries that define the groups that the user can control. Member: An array of dictionaries that define the groups of which the user is a member.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
Group Items¶
| Name | Type | Title | Description | Required |
|---|---|---|---|---|
| BeaconID | integer | Group Unique Beacon ID | unsigned 16 bit integer specifying this group’s unique beacon ID. | always |
| Name | string | Group Display Name | The display name of the group. | always |
| Description | string | Group Description | The description of the group. | n/a |
| ImageURL | string | Image URL | URL of an image for the group. | n/a |
| ConfigurationSource | string | Configuration Source | the source that provided this group; e.g. iTunesU, SIS, or MDM. | n/a |
| LeaderIdentifiers | array | Leader Identifiers | user identifiers that are leaders of this group. | n/a |
| MemberIdentifiers | array | Member Identifiers | strings that refer to entries in the Users array that are members of the group. | always |
| DeviceGroupIdentifiers | array | Device Group Identifiers | identifier strings that refer to entries in the DeviceGroups array that are device groups to which the instructor can assign users from this class. | always |
Users¶
Users
Shared: An array of dictionaries that define the users that are shown in the iOS login window. Leader: An array of dictionaries that define users that are members of the leader’s groups. Member: An array of dictionaries that must contain the definition of the user specified in the UserIdentifier key. With one-to-one member devices, this key should include only the device user and the leader but not other class members.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
User Items¶
| Name | Type | Title | Description | Required |
|---|---|---|---|---|
| Identifier | string | User ID | uniquely identifies a user in the organization. | always |
| Name | string | User Name | The display name of the user. | always |
| GivenName | string | Given Name | will be displayed as the given name of the user. | n/a |
| FamilyName | string | Family Name | will be displayed as the family name of the user. | n/a |
| ImageURL | string | User Image | A string containing a URL pointing to an image of the user. This image will be displayed in the iOS login screen and in the Classroom app. The recommended resolution is 256 x 256 pixels (512 x 512 pixels on a 2x device). The recommended formats are JPEG, PNG, and TIFF. The ResourcePayloadCertificateUUID identity certificate or the MDM client identity will be used to perform authentication when fetching the image. | n/a |
| FullScreenImageURL | string | User Full Screen Image | URL pointing to an image of the user. The ResourcePayloadCertificateUUID identity certificate or the MDM client identity will be used to perform authentication when fetching the specified resource. | n/a |
| AppleID | string | Managed Apple ID | the Managed Apple ID for this user. | n/a |
| PasscodeType | string | Passcode Length | The passcode UI to show when the user is at the login window | n/a |
DeviceGroups¶
Device Groups
Leader: An array of dictionaries that define the device groups to which the leader can assign devices. This key is not included in member payloads.
| Type | Default | Required | Regex | iOS | macOS | Supervised |
|---|---|---|---|---|---|---|
| array | N/A | N/A | N/A | N/A | N/A | N/A |
| Name | Type | Title | Description | Required |
|---|---|---|---|---|
| Identifier | string | Device Group ID | uniquely identifies a device group in the organization. | always |
| Name | string | Device Group Name | Will be displayed as the name of the device group, which must be unique in the organization | always |
| SerialNumbers | array | Device Serial Numbers | strings containing the serial numbers of the devices in the group. | always |