How to Create a VPP Token

In iOS 7 and later or OS X 10.9 and later, VPP App Assignment allows an organization to assign apps to users. Later, if a user no longer needs an app, you can reclaim the app license and assign it to a different user. On iOS 9 and later or OS X 10.11 and later, VPP can assign a license to the device serial number, so no Apple ID is required to download the app.

A secure token must be added to Asset Vision to manage licenses. To obtain a token, log in to https://vpp.itunes.apple.com/ and, on the Account Summary page, click the Download button to generate and download a text file containing the new token. The secure token blob itself is a JSON object in Base64 encoding. When decoded, the resulting JSON object contains three fields: token, expDate, and orgName.

Navigate to VPP Token Menu and Click New

Navigate to Setup > App Administration > Client Manager > VPP Token and click New.

  1. Enter the token in the Token Source field.
  2. Click Test to decode the value from the Token Source field so you can review the token’s expiration date and organization name.
  3. Click Save.

Note: Only one VPP token can exist at any given time. Adding a new token always updates the existing one.

Security

Access to the VPP service is tied to the VPP Tokens table (mdm_vpp_token): if you have read access to that table, you can manage licenses using Managed Distribution. By default, only admins have such access. This behavior can be changed in Role Management.

All tables involved in VPP functionality are read-only with restricted access. Entities are added and deleted only by the VPP service, after synchronization.

Sync and Token Expiration Notifications

During its initial installation, the VPP Managed Distribution service creates a new sync job (VPP sync) and a notification job (VPP notification job). The notification job monitors the expiration date of the VPP token and serves as a reminder that it is time to get a new secure token blob in order to avoid any service disruption.

The VPP sync job runs every 12 hours and synchronizes local data with VPP servers.

If the provided VPP token is within the expiration warning period (currently 15 days before the expiration date), the VPP Notification Job starts sending warning messages to the users specified in the Expiration Address field. If Expiration Address is empty, the job sends notifications to all users with a role of either admin or cmadmin. These notifications are sent every day and can be turned off by setting Expiration Warning to false.
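
The decoding described for the Test button and the 15-day expiration warning can be reproduced outside the product when auditing a downloaded token file. This is an added example, not Asset Vision's own code: the function name `inspect_vpp_token`, the constructed sample blob, and the `expDate` format (ISO 8601 with a numeric UTC offset) are assumptions.

```python
import base64
import binascii
import json
from datetime import datetime, timedelta, timezone

WARNING_PERIOD = timedelta(days=15)  # warning period stated on this page
REQUIRED_FIELDS = ("token", "expDate", "orgName")


def inspect_vpp_token(blob, now=None):
    """Decode a VPP secure token blob and report its expiry status.

    Returns orgName, expiry and status only; the inner 'token' value is a
    credential and is deliberately never returned or printed.
    """
    now = now or datetime.now(timezone.utc)
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
        data = json.loads(raw.decode("utf-8"))
    except (binascii.Error, UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"not a Base64-encoded JSON blob: {exc}") from None
    if not isinstance(data, dict):
        raise ValueError("decoded blob is not a JSON object")
    missing = [f for f in REQUIRED_FIELDS if f not in data]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    # Assumption: expDate is ISO 8601 with a numeric UTC offset.
    expires = datetime.strptime(str(data["expDate"]), "%Y-%m-%dT%H:%M:%S%z")
    if expires <= now:
        status = "expired"
    elif expires - now <= WARNING_PERIOD:
        status = "warning"
    else:
        status = "ok"
    return {"orgName": data["orgName"], "expires": expires, "status": status}


# Constructed sample blob (not a real token).
SAMPLE_BLOB = base64.b64encode(json.dumps({
    "token": "CONSTRUCTED-PLACEHOLDER",
    "expDate": "2030-06-15T12:00:00+0000",
    "orgName": "Example Org",
}).encode()).decode()

if __name__ == "__main__":
    info = inspect_vpp_token(SAMPLE_BLOB)
    print(info["orgName"], info["expires"].isoformat(), info["status"])
```

Because the decoded `token` field is the credential itself, the function reports only the organization name and expiry, which keeps the secret out of logs and terminals.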