Integrating with the Device Enrollment Program

The Device Enrollment Program settings allow you to integrate with Apple’s Device Enrollment Program (DEP), part of Apple Deployment Programs. Integrating with DEP is the first step to enrolling a device with Jamf Pro using a PreStage enrollment. After Jamf Pro is integrated with DEP, you can use Jamf Pro to configure enrollment and device setup settings.

To integrate with DEP, you need to do the following:

  1. Download a public key (.pem) from Jamf Pro.

  2. Obtain a server token file (.p7m) from Apple.

  3. Upload the server token file to Jamf Pro to configure an instance of DEP.

For more information about DEP, see the following websites:

Requirements

To obtain a server token file from Apple, you need an Apple Deployment Programs account. You can apply for an account at:
https://deploy.apple.com

Downloading a Public Key

Before you can obtain the server token file from Apple, you need to download a public key from Jamf Pro.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/17105110/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/16442314/Device_Enrollment_Program.png .

  5. Click Public Key to download the public key.

The public key (.pem) is downloaded immediately.

Obtaining the Server Token File

To download the server token file, you need to upload your public key to the Apple Deployment Program website.

  1. Log in to the Apple Deployment Program website at http://deploy.apple.com.

  2. In the sidebar, select Device Enrollment Program images/download/thumbnails/16442314/Device_Enrollment_Program.png .

  3. Follow the onscreen instructions to verify your identity.

  4. In the sidebar, select Manage Servers, and then click Add MDM Server.

  5. Enter a name for your MDM server, and then click Next.

  6. Click Choose File, and then upload the public key (.pem) you downloaded from Jamf Pro.

  7. Click Next to download the server token file (.p7m).

The server token file (.p7m) is downloaded immediately.

Uploading the Server Token File to Configure an Instance of DEP

This process creates one instance of DEP in Jamf Pro. To meet the needs of your organization, you can repeat the process to create multiple instances of DEP.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/16442314/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/16442314/Device_Enrollment_Program.png .

  5. Click New images/download/thumbnails/17105124/Icon_New_Button.png .

  6. Enter a display name for the DEP instance.

  7. Click Upload Server Token File to upload the server token file (.p7m) you downloaded from Apple. This creates one instance of the program in Jamf Pro.
    The information contained in the server token file is displayed.

  8. (Optional) Choose a supervision identity to associate with the DEP instance. (For more information, see Supervision Identities.)

  9. Click Save.

  10. To configure another instance of DEP, repeat steps 5-9.

Refreshing DEP Instance Information

Jamf Pro allows you to manually refresh information in the DEP instance as needed.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/16442314/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/16442314/Device_Enrollment_Program.png .
    A list of program instances is displayed.

  5. Click the program instance you want to refresh.

  6. Click Refresh.

If there is updated information in DEP, this information is displayed in Jamf Pro.

Further Considerations

  • If you upload a new server token file (.p7m) to renew an expired DEP instance, it is recommended that you do not delete the expired instance from Jamf Pro before uploading the new server token file.

  • Deleting a DEP instance removes the instance from Jamf Pro but does not delete the settings in DEP.

  • If necessary, you can remove a device from DEP by disowning the device using the Apple Deployment Programs website. Disowning a device that is currently enrolled with Jamf Pro does not remove the device from Jamf Pro. For detailed information on disowning devices, see Apple Deployment Programs Help at:
    https://help.apple.com/deployment/business/

Related Information

For related information, see the following sections in this guide:

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.