Favicon

You are here: Home > API Reference > Apple > Admenrollmenttemplates > Create enrollment template

Create enrollment template

Required Permission: mdm.apple.enrollmentTemplate.create

Creates a new enrollment template with specified policies, profiles, and configuration settings.

POST
/v1/organizations/:organizationId/mdm/apple/enterprise/enrollment-templates/
Copy to clipboard

Create enrollment template

Required Permission: mdm.apple.enrollmentTemplate.create

Creates a new enrollment template with specified policies, profiles, and configuration settings.

Request

Add parameter in header authorization
Example: Authorization: Bearer <token>
organizationId string
required
Match pattern: ^(([a-fA-F0-9]{24})|([a-zA-Z0-9\\-]{3,}))$
Body Params application/json
name string required
Human-readable enrollment template name identifying configuration purpose for device onboarding workflows.
≤ 128 characters
tags array [string] optional
Classification tags for organizing and filtering enrollment templates by department, device type, or purpose.
description string optional
Detailed enrollment template description explaining purpose, target devices, and configuration policies for administrators.
≤ 256 characters
rules array [object] optional
Array of enrollment rules defining conditional device configurations, policies, and automated actions during onboarding.
name string optional
Rule name identifying specific device configuration policy within enrollment template workflow.
≤ 256 characters
displayNamePattern string optional
Device naming pattern template using placeholders for automatic device name generation during enrollment.
≤ 256 characters
setDeviceName boolean optional
Flag enabling automatic device naming based on displayNamePattern during enrollment process.
tags array [string] optional
Classification tags applied to devices enrolled with this rule for organization and policy targeting.
conditions array [object] optional
Conditional criteria array determining when specific enrollment rule applies during device onboarding workflow.
tags array [array] optional
Nested tag arrays defining AND/OR logic for rule activation based on device or user tag matching.
auxiliaryFields array [array] optional
Nested auxiliary field arrays defining conditional logic for rule activation based on custom user data.
patterns array [string] optional
Regular expression patterns for conditional rule activation based on device or user attribute matching.
identifiers array [string] optional
Specific device or user identifiers triggering conditional rule activation during enrollment workflow.
admPolicyId string optional
Apple Device Management policy identifier linking enrollment rule to device configuration and restriction settings.
Match pattern: ^[a-fA-F0-9]{24}$
admPolicyAssignments array [object] optional
Array of policy assignments with priority ordering for devices enrolled under this enrollment rule.
admPolicyId string optional
Policy identifier for multi-policy assignment specifying device configuration and security requirements.
Match pattern: ^[a-fA-F0-9]{24}$
admPolicy object optional
Complete policy configuration object embedded for reference containing device restrictions and settings.
id string optional
Unique Apple device policy identifier used to track configuration rules and security settings throughout lifecycle.
Match pattern: ^[a-fA-F0-9]{24}$
organization string optional
Organization identifier owning this Apple device policy and managing enrolled iOS iPadOS and macOS devices.
Match pattern: ^[a-fA-F0-9]{24}$
admEnterprise string optional
Apple enterprise account identifier linked to Apple Business Manager or Apple School Manager for device management.
Match pattern: ^[a-fA-F0-9]{24}$
targetType string optional
Policy application scope defining whether configurations apply to entire device or device user context only.
device deviceUser
attachedProfile object optional
Automatically attached configuration profile containing essential MDM settings applied independently of policy assignments and priorities.
name string optional
Human-readable policy name displayed in dashboard for administrative identification and organizational purposes throughout device management.
≤ 256 characters
profiles array [object] optional
List of Apple configuration profiles containing device restrictions security settings and feature configurations applied by policy.
id string optional
Match pattern: ^[a-fA-F0-9]{24}$
organization string optional
Match pattern: ^[a-fA-F0-9]{24}$
admEnterprise string optional
Match pattern: ^[a-fA-F0-9]{24}$
admPolicy string optional
Match pattern: ^[a-fA-F0-9]{24}$
targetType string optional
device deviceUser
name string optional
≤ 256 characters
config object optional
certificates array [object] optional
type string optional
attached single
UUID string optional
≤ 128 characters
version integer optional
≥ 0
updatedAt string optional
Format: date-time
createdAt string optional
Format: date-time
assignedTo object optional
useCustomFileVaultCertificates boolean optional
parentAdmProfileId string optional
Match pattern: ^[a-fA-F0-9]{24}$
applications array [object] optional
List of application assignments defining managed apps with VPP licensing installation actions and configuration settings.
admApplication string required
Match pattern: ^[a-fA-F0-9]{24}$
managed boolean optional
vpp boolean optional
iOSApp boolean optional
configuration object optional
action string optional
forceInstall available requiredForSetup
actionStatus string optional
forceInstall available requiredForSetup available-install
scripts object optional
updatePolicy object optional
applicationsInfo array [object] optional
Enriched application metadata including app names icons versions and store information for dashboard display purposes.
books array [object] optional
List of book assignments for distributing VPP-purchased books or PDF documents to managed Apple devices.
type string optional
asset store
id string optional
≤ 128 characters
booksInfo array [object] optional
Enriched book metadata including titles authors cover images and store information for dashboard display purposes.
scripts array [object] optional
List of script assignments for executing automated tasks compliance checks and configuration enforcement on macOS devices.
type string optional
once loop onDemand
id string optional
≤ 128 characters
loopTime integer optional
≥ 0
resetDate string optional
Format: date-time
arguments string optional
argumentsProcessed string optional
name string optional
≤ 256 characters
description string optional
≤ 500 characters
runner string optional
≤ 256 characters
scriptsInfo array [object] optional
Enriched script metadata including execution history last run timestamps and success rates for monitoring purposes.
bookmarks array [object] optional
List of bookmark assignments for deploying web application shortcuts and internal portal links to device home screens.
title string optional
≤ 256 characters
description string optional
≤ 500 characters
url string optional
≤ 500 characters
iconBase64 string optional
iconUrl string optional
≤ 500 characters
assets array [object] optional
List of asset assignments for deploying files certificates configuration data and resources to managed macOS devices.
mdmAssetId string optional
Match pattern: ^[a-fA-F0-9]{24}$
location string optional
≤ 256 characters
assetName string optional
≤ 256 characters
scope string optional
user system all-users
assetsInfo array [object] optional
Enriched asset metadata including file sizes deployment status and version information for monitoring and auditing purposes.
version integer optional
Policy version number incremented with each modification for tracking configuration changes and rollback capabilities.
≥ 0
updatedAt string optional
ISO timestamp of last policy modification for change tracking synchronization and audit trail purposes.
Format: date-time
createdAt string optional
ISO timestamp when policy was created in system for lifecycle tracking and compliance reporting purposes.
Format: date-time
agentConfiguration object optional
MDM agent behavior settings controlling location tracking app monitoring data collection and application enforcement actions.
allowLocation boolean optional
Flag enabling location tracking for iOS and iPadOS devices through MDM agent for geofencing and asset management.
allowLocationMacos boolean optional
Flag enabling location tracking for macOS devices through MDM agent requiring user privacy consent and system permissions.
allowPackageTime boolean optional
Flag enabling application usage time tracking for monitoring employee productivity and application license optimization purposes.
allowPackageTransfer boolean optional
Flag enabling network data transfer monitoring per application for bandwidth analysis and security threat detection.
allowDeviceInfoBatteryUsage boolean optional
Flag enabling battery usage statistics collection per application for power consumption analysis and device health monitoring.
allowDeviceInfoBluetooth boolean optional
Flag enabling Bluetooth device discovery and connection monitoring for peripheral inventory and security compliance tracking.
allowDeviceInfoSystemInfo boolean optional
Flag enabling comprehensive system information collection including hardware specifications OS versions and installed software inventory.
appBlacklist array [object] optional
List of unauthorized applications to block or remove from managed devices for security compliance and acceptable use enforcement.
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
priority integer optional
Numeric priority value determining policy application order when multiple policies target same device.
≥ 0
commands array [object] optional
Array of MDM commands automatically executed on devices during enrollment rule application process.
admVppLocationId string optional
Volume Purchase Program location identifier for automatic app assignment during device enrollment.
Match pattern: ^[a-fA-F0-9]{24}$
admVppLocationInfo object optional
Volume Purchase Program location metadata containing app distribution and purchasing configuration details.
id string optional
Volume Purchase Program location unique identifier within Apple Business Manager organization.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Human-readable VPP location name identifying app purchase and distribution settings.
≤ 256 characters
config object optional
VPP location configuration settings defining regional app purchasing and distribution parameters.
countryISO2ACode string optional
ISO 3166-1 alpha-2 country code defining VPP location regional app availability and pricing.
≤ 256 characters
defaultPlatform string optional
Default device platform type for VPP app purchases and license distribution.
≤ 256 characters
locationName string optional
VPP location identifier name registered in Apple Business Manager for app purchasing.
≤ 256 characters
allowActivationLock boolean optional
Flag permitting iOS Activation Lock feature enabling device theft protection during enrollment.
setupAssistantEnable boolean optional
Flag enabling Setup Assistant presentation during device enrollment for user configuration guidance.
setupAssistantSkippable boolean optional
Flag allowing users to skip Setup Assistant steps during enrollment for faster device activation.
skipPersonalInfo boolean optional
Flag bypassing personal information collection in Setup Assistant during corporate device enrollment.
segmentId integer optional
Optional segment identifier for targeting enrollment device to a specific segment.
≥ 0
auxiliaryFields array [object] optional
Array of custom input fields collected from users during enrollment for conditional policy application.
type string optional
Input field type determining validation and presentation format for custom user data collection.
select text
key string required
Unique field identifier key used for storing and referencing custom user data in enrollment workflow.
≤ 128 characters
title string optional
Human-readable field label displayed to users during enrollment data collection process.
≤ 128 characters
description string optional
Explanatory field description providing guidance to users during custom data input.
≤ 256 characters
options array [string] optional
Array of selectable values presented to users when auxiliary field type is select.
loginProviderTypes array [string] optional
Array of authentication provider types permitted for user verification during device enrollment workflow.
allowAutoContinue boolean optional
Flag enabling automatic progression through enrollment steps without requiring user interaction at each stage.
segmentId integer optional
Segment identifier for scoping smart enrollment into an specific segment
≥ 0
{
    "name": "Sales Team iPad Enrollment",
    "tags": [
        "sales",
        "ipad",
        "field-workers"
    ],
    "description": "Standard configuration for sales team iPads with productivity apps and security policies.",
    "rules": [
        {
            "name": "Executive Device Setup",
            "displayNamePattern": "{firstName}-{lastName}-iPad",
            "setDeviceName": true,
            "tags": [
                "executive",
                "high-security"
            ],
            "conditions": [
                {
                    "tags": [
                        [
                            "executive"
                        ],
                        [
                            "manager",
                            "director"
                        ]
                    ],
                    "auxiliaryFields": [
                        [
                            "department:sales"
                        ],
                        [
                            "location:hq"
                        ]
                    ],
                    "patterns": [
                        "^iPad.*",
                        ".*Proquot;
                    ],
                    "identifiers": [
                        "[email protected]",
                        "A1B2C3D4E5F6"
                    ]
                }
            ],
            "admPolicyId": "698f2b1c18f11470ce02da32",
            "admPolicyAssignments": [
                {
                    "admPolicyId": "698f2b1c18f11470ce02da32",
                    "admPolicy": {},
                    "priority": 10
                }
            ],
            "commands": [
                {
                    "type": "InstallProfile",
                    "profileId": "698f2b1c18f11470ce02da32"
                }
            ],
            "admVppLocationId": "698f2b1c18f11470ce02da32",
            "admVppLocationInfo": {
                "id": "698f2b1c18f11470ce02da32",
                "name": "US Corporate VPP",
                "config": {
                    "countryISO2ACode": "US",
                    "defaultPlatform": "ios",
                    "locationName": "US Corporate Location"
                }
            },
            "allowActivationLock": false,
            "setupAssistantEnable": true,
            "setupAssistantSkippable": false,
            "skipPersonalInfo": true,
            "segmentId": 1
        }
    ],
    "auxiliaryFields": [
        {
            "type": "select",
            "key": "department",
            "title": "Department",
            "description": "Select your organizational department for policy assignment.",
            "options": [
                "Sales",
                "Engineering",
                "Marketing",
                "Operations"
            ]
        }
    ],
    "loginProviderTypes": [
        "ldap",
        "saml",
        "google"
    ],
    "allowAutoContinue": true,
    "segmentId": 1
}

Responses

200 Response application/json
status boolean optional
data object optional
id string optional
Unique identifier for Apple enrollment template configuration within organizational MDM deployment.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Human-readable enrollment template name identifying configuration purpose for device onboarding workflows.
≤ 128 characters
description string optional
Detailed enrollment template description explaining purpose, target devices, and configuration policies for administrators.
≤ 256 characters
rules array [object] optional
Array of enrollment rules defining conditional device configurations, policies, and automated actions during onboarding.
name string optional
Rule name identifying specific device configuration policy within enrollment template workflow.
≤ 256 characters
displayNamePattern string optional
Device naming pattern template using placeholders for automatic device name generation during enrollment.
≤ 256 characters
setDeviceName boolean optional
Flag enabling automatic device naming based on displayNamePattern during enrollment process.
tags array [string] optional
Classification tags applied to devices enrolled with this rule for organization and policy targeting.
conditions array [object] optional
Conditional criteria array determining when specific enrollment rule applies during device onboarding workflow.
tags array [array] optional
Nested tag arrays defining AND/OR logic for rule activation based on device or user tag matching.
auxiliaryFields array [array] optional
Nested auxiliary field arrays defining conditional logic for rule activation based on custom user data.
patterns array [string] optional
Regular expression patterns for conditional rule activation based on device or user attribute matching.
identifiers array [string] optional
Specific device or user identifiers triggering conditional rule activation during enrollment workflow.
admPolicyId string optional
Apple Device Management policy identifier linking enrollment rule to device configuration and restriction settings.
Match pattern: ^[a-fA-F0-9]{24}$
admPolicyAssignments array [object] optional
Array of policy assignments with priority ordering for devices enrolled under this enrollment rule.
admPolicyId string optional
Policy identifier for multi-policy assignment specifying device configuration and security requirements.
Match pattern: ^[a-fA-F0-9]{24}$
admPolicy object optional
Complete policy configuration object embedded for reference containing device restrictions and settings.
id string optional
Unique Apple device policy identifier used to track configuration rules and security settings throughout lifecycle.
Match pattern: ^[a-fA-F0-9]{24}$
organization string optional
Organization identifier owning this Apple device policy and managing enrolled iOS iPadOS and macOS devices.
Match pattern: ^[a-fA-F0-9]{24}$
admEnterprise string optional
Apple enterprise account identifier linked to Apple Business Manager or Apple School Manager for device management.
Match pattern: ^[a-fA-F0-9]{24}$
targetType string optional
Policy application scope defining whether configurations apply to entire device or device user context only.
device deviceUser
attachedProfile object optional
Automatically attached configuration profile containing essential MDM settings applied independently of policy assignments and priorities.
name string optional
Human-readable policy name displayed in dashboard for administrative identification and organizational purposes throughout device management.
≤ 256 characters
profiles array [object] optional
List of Apple configuration profiles containing device restrictions security settings and feature configurations applied by policy.
applications array [object] optional
List of application assignments defining managed apps with VPP licensing installation actions and configuration settings.
applicationsInfo array [object] optional
Enriched application metadata including app names icons versions and store information for dashboard display purposes.
books array [object] optional
List of book assignments for distributing VPP-purchased books or PDF documents to managed Apple devices.
booksInfo array [object] optional
Enriched book metadata including titles authors cover images and store information for dashboard display purposes.
scripts array [object] optional
List of script assignments for executing automated tasks compliance checks and configuration enforcement on macOS devices.
scriptsInfo array [object] optional
Enriched script metadata including execution history last run timestamps and success rates for monitoring purposes.
bookmarks array [object] optional
List of bookmark assignments for deploying web application shortcuts and internal portal links to device home screens.
assets array [object] optional
List of asset assignments for deploying files certificates configuration data and resources to managed macOS devices.
assetsInfo array [object] optional
Enriched asset metadata including file sizes deployment status and version information for monitoring and auditing purposes.
version integer optional
Policy version number incremented with each modification for tracking configuration changes and rollback capabilities.
≥ 0
updatedAt string optional
ISO timestamp of last policy modification for change tracking synchronization and audit trail purposes.
Format: date-time
createdAt string optional
ISO timestamp when policy was created in system for lifecycle tracking and compliance reporting purposes.
Format: date-time
agentConfiguration object optional
MDM agent behavior settings controlling location tracking app monitoring data collection and application enforcement actions.
segmentId integer optional
Segment identifier for scoping policy into an specific segment
≥ 0
priority integer optional
Numeric priority value determining policy application order when multiple policies target same device.
≥ 0
commands array [object] optional
Array of MDM commands automatically executed on devices during enrollment rule application process.
admVppLocationId string optional
Volume Purchase Program location identifier for automatic app assignment during device enrollment.
Match pattern: ^[a-fA-F0-9]{24}$
admVppLocationInfo object optional
Volume Purchase Program location metadata containing app distribution and purchasing configuration details.
id string optional
Volume Purchase Program location unique identifier within Apple Business Manager organization.
Match pattern: ^[a-fA-F0-9]{24}$
name string optional
Human-readable VPP location name identifying app purchase and distribution settings.
≤ 256 characters
config object optional
VPP location configuration settings defining regional app purchasing and distribution parameters.
countryISO2ACode string optional
ISO 3166-1 alpha-2 country code defining VPP location regional app availability and pricing.
≤ 256 characters
defaultPlatform string optional
Default device platform type for VPP app purchases and license distribution.
≤ 256 characters
locationName string optional
VPP location identifier name registered in Apple Business Manager for app purchasing.
≤ 256 characters
allowActivationLock boolean optional
Flag permitting iOS Activation Lock feature enabling device theft protection during enrollment.
setupAssistantEnable boolean optional
Flag enabling Setup Assistant presentation during device enrollment for user configuration guidance.
setupAssistantSkippable boolean optional
Flag allowing users to skip Setup Assistant steps during enrollment for faster device activation.
skipPersonalInfo boolean optional
Flag bypassing personal information collection in Setup Assistant during corporate device enrollment.
segmentId integer optional
Optional segment identifier for targeting enrollment device to a specific segment.
≥ 0
auxiliaryFields array [object] optional
Array of custom input fields collected from users during enrollment for conditional policy application.
type string optional
Input field type determining validation and presentation format for custom user data collection.
select text
key string required
Unique field identifier key used for storing and referencing custom user data in enrollment workflow.
≤ 128 characters
title string optional
Human-readable field label displayed to users during enrollment data collection process.
≤ 128 characters
description string optional
Explanatory field description providing guidance to users during custom data input.
≤ 256 characters
options array [string] optional
Array of selectable values presented to users when auxiliary field type is select.
loginProviderTypes array [string] optional
Array of authentication provider types permitted for user verification during device enrollment workflow.
allowAutoContinue boolean optional
Flag enabling automatic progression through enrollment steps without requiring user interaction at each stage.
version string optional
Sequential version string tracking enrollment template configuration changes and synchronization state.
≤ 128 characters
updatedAt string optional
Timestamp indicating when enrollment template configuration was last modified or synchronized.
Format: date-time
createdAt string optional
Timestamp indicating when enrollment template configuration was initially created in system.
Format: date-time
devicesCount integer optional
Total number of Apple devices currently enrolled and managed using this enrollment template.
≥ 0
segmentId integer optional
Segment identifier for scoping smart enrollment into an specific segment
≥ 0
{
    "status": true,
    "data": {
        "id": "698f2b1c18f11470ce02da32",
        "name": "Sales Team iPad Enrollment",
        "description": "Standard configuration for sales team iPads with productivity apps and security policies.",
        "rules": [
            {
                "name": "Executive Device Setup",
                "displayNamePattern": "{firstName}-{lastName}-iPad",
                "setDeviceName": true,
                "tags": [
                    "executive",
                    "high-security"
                ],
                "conditions": [
                    {
                        "tags": [
                            [
                                "executive"
                            ],
                            [
                                "manager",
                                "director"
                            ]
                        ],
                        "auxiliaryFields": [
                            [
                                "department:sales"
                            ],
                            [
                                "location:hq"
                            ]
                        ],
                        "patterns": [
                            "^iPad.*",
                            ".*Proquot;
                        ],
                        "identifiers": [
                            "[email protected]",
                            "A1B2C3D4E5F6"
                        ]
                    }
                ],
                "admPolicyId": "698f2b1c18f11470ce02da32",
                "admPolicyAssignments": [
                    {
                        "admPolicyId": "698f2b1c18f11470ce02da32",
                        "admPolicy": {},
                        "priority": 10
                    }
                ],
                "commands": [
                    {
                        "type": "InstallProfile",
                        "profileId": "698f2b1c18f11470ce02da32"
                    }
                ],
                "admVppLocationId": "698f2b1c18f11470ce02da32",
                "admVppLocationInfo": {
                    "id": "698f2b1c18f11470ce02da32",
                    "name": "US Corporate VPP",
                    "config": {
                        "countryISO2ACode": "US",
                        "defaultPlatform": "ios",
                        "locationName": "US Corporate Location"
                    }
                },
                "allowActivationLock": false,
                "setupAssistantEnable": true,
                "setupAssistantSkippable": false,
                "skipPersonalInfo": true,
                "segmentId": 1
            }
        ],
        "auxiliaryFields": [
            {
                "type": "select",
                "key": "department",
                "title": "Department",
                "description": "Select your organizational department for policy assignment.",
                "options": [
                    "Sales",
                    "Engineering",
                    "Marketing",
                    "Operations"
                ]
            }
        ],
        "loginProviderTypes": [
            "ldap",
            "saml",
            "google"
        ],
        "allowAutoContinue": true,
        "version": "3.2.1",
        "updatedAt": "2026-02-10T14: 22:00Z",
        "createdAt": "2026-01-15T10: 30:00Z",
        "devicesCount": 45,
        "segmentId": 1
    }
}
400 Response application/json
status boolean optional
false
error object optional
code number optional
5050
message string optional
Feature not allowed for you billing plan
{
    "status": false,
    "error": {
        "code": 5050,
        "message": "Feature not allowed for you billing plan"
    }
}
401 Response application/json
status boolean optional
false
error object optional
code number optional
4004
message string optional
Invalid Token
{
    "status": false,
    "error": {
        "code": 4002,
        "message": "No auth token"
    }
}
404 Response application/json
status boolean optional
false
error object optional
code number optional
3001
message string optional
Entity not found
{
    "status": false,
    "error": {
        "code": 3001,
        "message": "Entity not found"
    }
}