Following on from my previous post on Apple ID usage (Apple IDs, MDM Servers and You!) I thought it’d be a good idea to write it up in a bit more detail.
This post covers how exactly you’d create a ‘Service Apple ID Account’ for use with APNs / Push Certificate creation, without using the App Store or iTunes and without needing to add payment information!
1) First things first, log into your email solution of choice and create a distribution / mail group for this account, with an email address that makes sense, e.g. firstname.lastname@example.org. You should add any staff members to this group that would likely need to renew the APNs certificate or receive notifications of its expiry. If you cannot create a distribution / mail group, then I’d suggest using an email alias. That way you can move the alias to another email account if your responsibilities change.
2) Navigate to https://appleid.apple.com and click the “Create Your Apple ID” in the upper right corner.
3) Fill in a first name and surname. Select the correct region and enter a date of birth. This date of birth must be more than 13 years ago due to age limitations on Apple IDs. Make a note of these details!
4) Fill in the email address of the distribution / email group or alias you created in the first step. This will also form the Apple ID username. Fill in the password as desired. I’d suggest making this a long and complicated one! Make a note of these details!
5) Select the 3 desired security questions and pick 3 answers. Try to make these hard to guess as they can be used to gain access to this account. In the past I’ve used a selection of words from the walls of a french classroom! Make a note of these details!
6) Optional, but recommended! Untick the boxes for updates, announcements and new media content. You’ll still get updates on your APNs certificate/s expiring but less of the junk.
7) Complete the Captcha and click the “Continue” button
8) You’ll be sent a verification code to the email address you specified in step 4. Grab the code from the email and enter this into the prompt and click “Continue”.
9) That completes the core setup of the Apple ID. You should now be good to use this for your APNs certificate / s, however….
10) Since anyone who gains access to this Apple ID can cause you serious issues (such as revoking your APNs certificate), you might wanna add a second factor to this account.
11) Log back into https://appleid.apple.com, scroll down to the Security section, find “Two-Step Verification” and click “Get Started…”
12) Click “Continue”, then enter a phone number you wish to setup for a second factor. Click “Continue”
13) When the code comes through, enter it into the prompt and click “Continue”
14) If you log into other devices with this Apple ID (generally not suggested!) you can also use devices for a better, non-SMS second factor. Scripting OSX has a nice guide on this here.
15) Next you’ll get shown your recovery key. Make a note of this! Once you’re happy with this, click “Continue”
16) Confirm you’re ready to go ahead, then tick the “I understand the conditions above” and click “Enable Two-Step Verification”
17) And you’re done!
There we go. I’ve expanded on how you can create a ‘service account Apple ID’ in the easiest way possible. As always, if you have any questions, queries or comments, let me know below (or @daz_wallace on Mac Admins Slack) and I’ll try to respond to and delve into as many as I can.
The usual Disclaimer:
While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. I will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.