In macOS Catalina (10.15), Apple introduces a new method of Secure Token enablement called Bootstrap Token. This is a new MDM-based feature that automatically provides a Secure Token on all mobile accounts. Addigy MDM solution supports the Bootstrap Token and can provide SecureToken to a mobile user account. This is a seamless process with a small subset of requirements outlined below. The Bootstrap Token does not require additional MDM Configurations to be deployed. Note: This process does not affect or apply to how a local user obtains a Secure Token.

Device Requirements

  • macOS Catalina 10.15+
  • Enrolled via Automated Device Enrollment (Addigy's Apple Business Manager, or Apple School Manager, integration is required)
  • Must be bound to a directory service like Active Directory.
  • A Managed Administrator account must be created. 

NOTE: In macOS Catalina 10.15.4 or later, any user created during the Automated Device Enrollment process can escrow the bootstrap token.

Configuration Requirements

While there are no additional configurations needed on the Addigy platform, outside of Automated Device Enrollment, there are some additional considerations on the device that need to be considered. 

Troubleshooting Tips

You can confirm if the Bootstrap Token is on the device by running the following command on the macOS device:

sudo profiles status -type bootstraptoken

The following output should be shown if the Bootstrap Token is enabled properly.

profiles: Bootstrap Token supported on server: YES
profiles: Bootstrap Token escrowed to server: YES

To check if the user has a Bootstrap Token. Run the following command: 

diskutil apfs listcryptousers /


If you have an Addigy account and have additional questions, you can create a ticket by emailing

Alternatively, you can submit a support request within Addigy.