Maybe it could be done like this <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>AssignedManagedAppleID</key> <string>hoge@test-demo.link</string> <key>CheckInURL</key> <string>https://test-demo.link/api/ios/checkin</string> <key>CheckOutWhenRemoved</key> <true/> <key>EnrollmentMode</key> <string>BYOD</string> <key>IdentityCertificateUUID</key> <string>01efd239-4749-408d-9eed-1bcfa47e0652</string> <key>PayloadDescription</key> <string>Test</string> <key>PayloadDisplayName</key> <string>Test</string> <key>PayloadIdentifier</key> <string>localhost.mdm</string> <key>PayloadOrganization</key> <string>Test</string> <key>PayloadType</key> <string>com.apple.mdm</string> <key>PayloadUUID</key> <string>d3c23112-ad92-4115-8241-95a216b3b717</string> <key>PayloadVersion</key> <integer>1</integer> <key>ServerURL</key> <string>https://test-demo.link/api/ios/mdm</string> <key>SignMessage</key> <true/> <key>Topic</key> <string>com.apple.mgmt.External.16a8b279-c4a9-4a33-9f1e-e155ab8161fd</string> <key>UseDevelopmentAPNS</key> <false/> </dict> <dict> <key>PayloadContent</key> <dict> <key>Challenge</key> <string>1c19008e0eb20eacc96469d6b9969d0cd451d265</string> <key>GetCACaps</key> <array> <string>POSTPKIOperation</string> <string>Renewal</string> <string>AES</string> <string>SHA-256</string> </array> <key>Key Type</key> <string>RSA</string> <key>Key Usage</key> <integer>5</integer> <key>Keysize</key> <integer>1024</integer> <key>Name</key> <string>CA</string> <key>Subject</key> <array> <array> <array> <string>O</string> <string>Test</string> </array> </array> <array> <array> <string>CN</string> <string>c08b5a65-3802-436e-b756-cb8ab5b47a49</string> </array> </array> </array> <key>URL</key> <string>https://test-demo.link/api/scep</string> </dict> <key>PayloadDescription</key> <string>Test</string> <key>PayloadDisplayName</key> <string>Test</string> <key>PayloadIdentifier</key> <string>localhost.encryption-cert-request</string> <key>PayloadOrganization</key> <string>Test</string> <key>PayloadType</key> <string>com.apple.security.scep</string> <key>PayloadUUID</key> <string>01efd239-4749-408d-9eed-1bcfa47e0652</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string>Test</string> <key>PayloadDisplayName</key> <string>Test</string> <key>PayloadIdentifier</key> <string>localhost.mdm</string> <key>PayloadOrganization</key> <string>Test</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>316ad943-367e-49f5-8248-68630ff1e7c4</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>

I see, declaration-items only needs to return a set of Identifier and ServerToken, and then sends a payload for each requested parameter. I will check it.

Currently, there is no method to give an activation code, and EDIeSIM If you registered at the time of application, you were able to authenticate. I'll end this part for now.