Deploying iPads using apple managed ID's?

I’m completely out of my depth here, but I’m attempting to deploy some iPads using the Apple DEP and could use a little help.

I have all the certificates/tokens set up between Itarian and the Apple Business Manager.

I’ve assigned Itarian as the MDM server in Apple Business Manager to the devices.

I’ve created and published a DEP profile in Itarian.

I assign that profile to a device and sync with DEP.

When going through initial setup on the device, I need to enter login credentials for the remote management.

    Question 1: Is this credentials for an end user that I need to create in the Itarian back end, or is this administrator credentials?

The only credentials I’ve had luck with are for an administrator account, however, I receive an error saying:

    The configuration for your iPad could not be downloaded from [my company] - Invalid Profile

    Question 2: What am I missing here?

UPDATE: so I was finally able to initialize the device with the profile, so maybe it takes a while for the sync with DEP to do it’s thing?

HOWEVER: managed apple ID’s are not allowed to make purchases in the app store so the MDM Endpoint Manager can’t download…

    Question 3: How do I get the Endpoint Manager loaded so that I can enroll the devices??