User-Initiated Enrollment Experience for Mobile Devices

When a user accesses the enrollment URL from a mobile device, they are guided through a series of steps to enroll the device. The steps vary depending on the platform of the device being enrolled—iOS or Android.

User-Initiated Enrollment Experience for iOS Devices

iOS devices can be enrolled as institutionally owned or personally owned devices.

Note: Apple has enabled an important security enhancement beginning with iOS 10.3. This security enhancement requires untrusted root certificates installed manually on unsupervised iOS devices to be manually trusted in Certificate Trust Settings during user-initiated enrollment, or installation of the MDM profile will fail. For more information, see the following Knowledge Base article:
Changes in User-Initiated Enrollment with Untrusted Certificate Authority (CA) Signed SSL Certificates in iOS 10.3 and Later .

  1. The user is prompted to enter credentials for an LDAP directory account or a Jamf Pro user account with user-initiated enrollment privileges, and then they must tap Log in.
    The login prompt is not displayed if the enrollment portal was accessed via an enrollment invitation for which the Require Login option is disabled. (For more information about enrollment invitations, see User-Initiated Enrollment for Mobile Devices.)
    images/download/attachments/16439976/Site.png

    If notified that the device cannot verify the identity of the Jamf Pro server, the user must tap Continue to log in to the enrollment portal.
    This notification only appears if the SSL certificate is not natively trusted by the device.

    images/download/attachments/16439976/No-SSL.png
  2. The user is prompted to enroll the device as a personally owned device or an institutionally owned device.
    This is only displayed if both institutionally owned device enrollment and personally owned device enrollment are enabled in Jamf Pro.
    images/download/attachments/16439976/Choice.png

    You can display a description to users who enroll a personally owned device. (For more information, see User-Initiated Enrollment Settings.)

    images/download/attachments/16439976/Personally-Owned.png

    You can display a description to users who enroll an institutionally owned device.
    images/download/attachments/16439976/Institutionally-Owned.png

  3. When prompted, the user must choose the site that they are associated with.
    If the user is associated with multiple sites, they must select the site that will assign the appropriate settings to the device.
    If the user signed in with a Jamf Pro user account, they can assign an LDAP user to the computer at this time.

    images/download/attachments/16439976/Site0.png
  4. The user is prompted to continue to the CA certificate installation.
    images/download/attachments/16439976/CA_Continue.png

    Note: For mobile devices with iOS 11, a pop-up window will appear notifying users, “This website is trying to open Settings to show you a configuration profile. Do you want to allow this?” The user must tap Allow.

  5. The user must tap Install to continue.

    images/download/attachments/16439976/Install_root_certificate_2.png
  6. When notified that the profile will change settings on the device, the user must tap Install.
    If the device has a passcode, the user must enter the passcode.
    images/download/attachments/16439976/Install_root_certificate_3_warning.png

  7. To complete the installation, the user must tap Done.

    images/download/attachments/16439976/Root_certificate_installed.png
  8. The user is prompted to continue to the MDM profile installation.
    Information about enrollment can be accessed by tapping the Information icon.

    images/download/attachments/16439976/MDM-Personal.png

    Note: For mobile devices with iOS 11, a pop-up window will appear notifying users, “This website is trying to open Settings to show you a configuration profile. Do you want to allow this?” The user must tap Allow.

  9. The user must tap Install to continue.

    images/download/attachments/16439976/Install_MDM_profile_2.png
  10. When notified that installing the profile will change settings on the device, the user must tap Install Now.
    If the device has a passcode, the user must enter the passcode.
    images/download/attachments/16439976/Install_MDM_profile_3.png

  11. When notified that installing the profile will allow an administrator to remotely manage the device, the user must tap Install.

    images/download/attachments/16439976/Install_MDM_profile_4_warning.png
  12. To complete the enrollment process, the user must tap Done.
    images/download/attachments/16439976/MDM_profile_installed.png

    When the enrollment is complete, the device is enrolled with Jamf Pro.

    images/download/attachments/16439976/Enrollment_complete.png

    If you chose to install Self Service for iOS, users are prompted to install the app from the App Store. (For more information, see Self Service Mobile.)
    images/download/attachments/16439976/Self-Service-Install.png

User-Initiated Enrollment Experience for Android Devices

Android devices can only be enrolled as personally owned devices.

During user-initiated enrollment of an Android device, the user is required to install Self Service Mobile from Google Play. Self Service Mobile must remain installed on an enrolled Android device to keep the device managed by Jamf Pro.

  1. The user is prompted to enter credentials for an LDAP directory account or a Jamf Pro user account with user-initiated enrollment privileges, and then they must tap Log In.

  2. If prompted, the user must choose the site that they are associated with.
    If the user is associated with multiple sites, they must select the site that will assign the appropriate settings to the device.
    images/download/attachments/16439976/1.png

  3. The user is prompted to go to Google Play to install Self Service Mobile, and then return to the enrollment portal.
    Note: If the user already has Self Service Mobile installed, they can skip the app installation step.

    images/download/attachments/16439976/2.png
  4. If the user goes to Google Play to install Self Service Mobile, they must tap Install to start the app installation process.
    images/download/attachments/16439976/3.png

  5. The user must then tap Accept to install Self Service Mobile.

    images/download/attachments/16439976/4.png
  6. When the Self Service Mobile installation is complete, the user must return to the enrollment portal in their web browser.
    Note: If the user taps Open in Google Play to open Self Service Mobile, a welcome page directs the user to return to their web browser to continue enrollment. If the user knows the Jamf Pro URL to use for enrollment, they can tap Manually Enroll Using Jamf Pro URL and complete enrollment in Self Service Mobile.

  7. The user is prompted to continue to the MDM profile installation.
    The user can access information about enrollment by tapping the Information icon.

    images/download/attachments/16439976/5.png

    If notified that the device cannot verify the server's identity, the user must tap Yes to log in to the enrollment portal.
    This notification only appears if the SSL certificate is not natively trusted by the device.
    images/download/attachments/16439976/11.png

    The Self Service Mobile enrollment progress page is displayed.

    images/download/attachments/16439976/7.png
  8. When prompted to activate Self Service Mobile as a device administrator, the user must tap Activate.
    images/download/attachments/16439976/8.png

    When enrollment is complete, the device is enrolled with Jamf Pro.

  9. (Optional) The user can tap Continue to install third-party apps if appropriate for their environment.

    images/download/attachments/16439976/9.png

    The user can then install apps for configuring email, calendar, and contacts, and for configuring a VPN connection.
    images/download/attachments/16439976/10.png

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.