The payload that configures the users, groups, and departments within an educational organization.

| Setting | Description | Type | Required | Default | Manual Install | Supported OS |
|---|---|---|---|---|---|---|
| `OrganizationUUID` | The organization's UUID identifier. This identifier can be any valid UUID. All teacher and student devices that need to communicate with one another must have the same organization UUID, particularly if they originated from different Device Enrollment Programs. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `OrganizationName` | The organization's display name. The system displays this name in the iOS login screen. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `PayloadCertificateUUID` | The UUID of an identity certificate payload within the same profile to use for performing client authentication with other devices. This property supports PKCS12 certificates.<br>Required to configure Classroom. Has no effect on the configuration of the Shared iPad login screen. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| `LeaderPayloadCertificateAnchorUUID` | The array of UUIDs referring to certificate payloads within the same profile that the system uses to authorize leader peer certificate identities. This array needs to contain all necessary certificates to validate the entire chain of trust. Leader certificates need to have the common name prefix `leader`, which is case insensitive.<br>This property doesn't support identity payloads or PKCS12 certificates.<br>Required when configuring a student device for Classroom, and ignored when configuring an instructor device. Has no effect on the configuration of the Shared iPad login screen. | array | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ `LeaderPayloadCertificateAnchorUUIDItem` | A certificate payload UUID. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `MemberPayloadCertificateAnchorUUID` | The array of UUIDs referring to certificate payloads within the same profile that the system uses to authorize group member peer certificate identities. This array must contain all certificates needed to validate the entire chain of trust. Member certificates must have the common name prefix `member` (case insensitive).<br>This property doesn't support identity payloads or PKCS12 certificates.<br>Required when configuring a student device for Classroom, and ignored when configuring an instructor device. Has no effect on the configuration of the Shared iPad login screen. | array | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ `MemberPayloadCertificateAnchorUUIDItem` | A certificate payload UUID. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `ResourcePayloadCertificateUUID` | The UUID of an identity certificate payload within the same profile that the system uses to perform client authentication when fetching additional resources, such as student images.<br>If set, the system uses this key to configure both Classroom and the Shared iPad login screen. If not set, the system uses MDM client identity. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| `UserIdentifier` | The unique string that identifies the user of this device within the organization.<br>Don't set this value in payloads intended to configure the Shared iPad login screen. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `Departments` | _For Shared iPad profiles:_ The array of dictionaries that defines which departments the system displays in the Shared iPad login screen. If set, the system uses this key to configure both Classroom and the Shared iPad login screen. | array | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ `DepartmentsItem` | A department in the organization. | dictionary | | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `Name` | The display name of the department. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `GroupBeaconIDs` | The group beacon identifiers that are members of this department. | array | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ └─ `GroupBeaconIDsItem` | A group beacon identifier. | integer | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `Groups` | _For Shared iPad profiles:_ The array of dictionaries that defines which groups the user can select in the Login Window.<br>_For leader/teacher profiles:_ The array of dictionaries that defines the groups that the user can control.<br>_For member/student profiles:_ The array of dictionaries that defines the groups where the user is a member. | array | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ `GroupsItem` | An array of dictionaries defining groups. | dictionary | | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `BeaconID` | An unsigned 16-bit integer specifying this group's unique beacon ID. | integer | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `Name` | The display name of the group. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `Description` | The description of the group. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `ImageURL` | Deprecated in iOS 9.3.1 and later. The URL of an image for the group. | string | optional | — | Yes | iOS (legacy - 9.3.1) |
| └─ └─ `ConfigurationSource` | The source that provided this group, such as SIS or MDM. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `LeaderIdentifiers` | The user identifiers that are leaders of this group. | array | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ └─ `LeaderIdentifiersItem` | A user identifier. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `MemberIdentifiers` | The entries in the Users array that are members of the group. | array | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ └─ `MemberIdentifiersItem` | A member identifier. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `DeviceGroupIdentifiers` | The identifiers that refer to entries in the `DeviceGroups` array to which the instructor can assign users from this class.<br>Has no effect on the configuration of the Shared iPad login screen. | array | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ └─ `DeviceGroupIdentifiersItem` | A device group identifier. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `Users` | _For Shared iPad profiles:_ The array of dictionaries that define the users that the system displays in the iOS Login Window.<br>_For leader/teacher profiles:_ The array of dictionaries that define users that are members of the teacher's groups.<br>_For member/student profiles:_ The array of dictionaries that needs to contain the definition of the user specified in the `UserIdentifier` key. With one-to-one member devices, this key should include only the device user and the teacher but not other class members. | array | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ `UsersItem` | A user in the organization. | dictionary | | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `Identifier` | The unique identifier for a user in the organization. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `Name` | The name of the user. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `GivenName` | The given name of the user. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `FamilyName` | The family name of the user. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `PhoneticGivenName` | The user's phonetic given name. The system uses this name to sort users in the Classroom app and the Shared iPad login screen. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `PhoneticFamilyName` | The user's phonetic family name. The system uses this name to sort users in the Classroom app and the Shared iPad login screen. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `ImageURL` | A string that contains a URL pointing to an image of the user. The system displays this image in the iOS login screen and in the Classroom app. The recommended resolution is 256 x 256 pixels (512 x 512 pixels on a 2x device). The recommended formats are JPEG, PNG, and TIFF. The system uses the `ResourcePayloadCertificateUUID` identity certificate or the MDM client identity to perform authentication when fetching the image. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `FullScreenImageURL` | Deprecated in iOS 9.3.1 and later. The URL pointing to an image of the user. The system uses the `ResourcePayloadCertificateUUID` identity certificate or the MDM client identity to perform authentication when fetching the specified resource. | string | optional | — | Yes | iOS (legacy - 9.3.1) |
| └─ └─ `AppleID` | The Managed Apple Account for this user.<br>Not required to configure Classroom, but if set the system uses it.<br>Required to configure the Shared iPad login screen. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `PasscodeType` | The type of passcode UI to show when the user is at the Login Window. | string | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| `DeviceGroups` | _For leader/teacher profiles:_ The array of dictionaries that defines which device groups the leader can assign devices to. Not included in member payloads. | array | optional | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ `DeviceGroupsItem` | A device group in the organization. | dictionary | | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `Identifier` | The unique identifier for the device group in the organization. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `Name` | The name of the device group, which must be unique in the organization. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ `SerialNumbers` | The serial numbers of the devices in the group. | array | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| └─ └─ └─ `SerialNumbersItem` | A serial number. | string | required | — | Yes | iOS (9.3+), macOS (10.14+) |
| `ScreenObservationPermissionModificationAllowed` | If `true`, the system allows students enrolled in managed classes to modify their teacher's permissions for screen observation on their device. | boolean | optional | false | Yes | iOS (10.3+) |
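
Several rows above constrain one another on a Classroom student device: the anchor arrays must reference plain certificate payloads in the same profile, `BeaconID` must fit in 16 bits, and `Users` on a one-to-one device should list only the device user and the teacher. The following linter is an added example, not Apple's code; the `PayloadContent`, `PayloadType` and `PayloadUUID` keys and the payload type strings come from Apple's general profile format rather than this page, and the short UUID strings in the sample are constructed placeholders.

```python
# Added example. Payload type strings are from Apple's profile format, not this page.
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep"}

def lint_student_profile(profile):
    """Return findings for the com.apple.education payload in `profile`."""
    payloads = profile["PayloadContent"]
    types = {p["PayloadUUID"]: p["PayloadType"] for p in payloads}
    edu = next(p for p in payloads if p["PayloadType"] == "com.apple.education")
    out = []
    if edu.get("PayloadCertificateUUID") not in types:
        out.append("PayloadCertificateUUID: no such payload in this profile")
    # Anchors are required on student devices and must be plain certificates.
    for key in ("LeaderPayloadCertificateAnchorUUID",
                "MemberPayloadCertificateAnchorUUID"):
        anchors = edu.get(key, [])
        if not anchors:
            out.append(f"{key}: required on a student device")
        for ref in anchors:
            if ref not in types:
                out.append(f"{key}: {ref} is not in this profile")
            elif types[ref] in IDENTITY_TYPES:
                out.append(f"{key}: {ref} is an identity payload")
    groups, me = edu.get("Groups", []), edu.get("UserIdentifier")
    for g in groups:
        b = g.get("BeaconID")
        if isinstance(b, bool) or not isinstance(b, int) or not 0 <= b <= 0xFFFF:
            out.append(f"Groups[{g.get('Name')}]: BeaconID is not an unsigned 16-bit integer")
    # One-to-one devices: Users holds only the device user and the teachers.
    allowed = {me} | {l for g in groups for l in g.get("LeaderIdentifiers", [])}
    listed = {u["Identifier"] for u in edu.get("Users", [])}
    if me not in listed:
        out.append("UserIdentifier: not defined in Users")
    out += [f"Users: {i} is neither the device user nor a leader"
            for i in sorted(listed - allowed)]
    return out

# Constructed sample: anchors point at an identity payload and at a missing UUID.
SAMPLE = {"PayloadContent": [
    {"PayloadType": "com.apple.security.pkcs12", "PayloadUUID": "ID-1"},
    {"PayloadType": "com.apple.security.root", "PayloadUUID": "CA-1"},
    {"PayloadType": "com.apple.education", "PayloadUUID": "EDU-1",
     "OrganizationUUID": "ORG-1", "OrganizationName": "Example School",
     "PayloadCertificateUUID": "ID-1", "UserIdentifier": "s1",
     "LeaderPayloadCertificateAnchorUUID": ["ID-1"],
     "MemberPayloadCertificateAnchorUUID": ["CA-2"],
     "Groups": [{"BeaconID": 70000, "Name": "Math", "LeaderIdentifiers": ["t1"],
                 "MemberIdentifiers": ["s1", "s2"]}],
     "Users": [{"Identifier": "s1", "Name": "S One"},
               {"Identifier": "t1", "Name": "T One"}, {"Identifier": "s2", "Name": "S Two"}]}]}
```

Load a real `.mobileconfig` with `plistlib.load` and pass the resulting dictionary to `lint_student_profile`; an empty list means none of these checks fired.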