Computer PreStage Enrollments

A PreStage enrollment allows you to store enrollment and Mac computer setup settings in the Jamf Software Server (JSS) and use them to enroll new Mac computers with the JSS. This reduces the amount of time and interaction it takes to prepare Mac computers for use.

Before you can use a PreStage enrollment, you need to integrate the JSS with the Device Enrollment Program (DEP). This creates an instance of DEP in the JSS. (For more information, see Integrating with the Device Enrollment Program.) Only computers associated with a DEP instance can be enrolled with the JSS using a PreStage enrollment.

After creating a DEP instance, you need to create a PreStage enrollment in the JSS for the computers you want to enroll. Creating a PreStage enrollment allows you to configure the enrollment settings and customize the user experience of the Setup Assistant. You can also specify the computers that should be enrolled using the PreStage enrollment. In addition, you can specify that computers newly associated with the DEP instance be automatically added to the PreStage enrollment.

You can require users to authenticate during computer setup using an LDAP directory account or a JSS user account. If users authenticate with an LDAP directory account, user and location information is submitted during enrollment.

When computers with macOS 10.10 or later are enrolled using a PreStage enrollment, they are also automatically managed if user-initiated enrollment is enabled for macOS in the JSS. When enabled, User-Initiated Enrollment settings apply to computer PreStage enrollments, including management account and QuickAdd package settings, and whether to automatically launch Self Service. (For more information, see User-Initiated Enrollment Settings and Installing Self Service on Computers.)

Computers with macOS 10.9 or earlier (and computers with macOS 10.10 or later if user-initiated enrollment is not enabled) can be managed using one of the following methods after they are enrolled with the JSS using a PreStage enrollment:

Requirements

To enroll a computer using a PreStage enrollment, the computer must be connected to the Internet during the Setup Assistant.

To require LDAP users or JSS users to authenticate during setup, you need an LDAP server set up in the JSS. (For more information, see Integrating with LDAP Directory Services.)

Configuring a Computer PreStage Enrollment

  1. Log in to the JSS with a web browser.

  2. Click Computers at the top of the page.

  3. Click PreStage Enrollments.

  4. Click New images/download/thumbnails/16433048/New_icon.png .

  5. Use the General payload to configure basic settings for the PreStage enrollment and customize the user experience of the Setup Assistant.
    To customize the user experience of the Setup Assistant, select which steps you want to skip in the Setup Assistant. If you choose to skip steps, the user can enable these settings after the computer is configured unless otherwise restricted.

  6. (Optional) Use the Account Settings payload to specify the accounts to create for computers with macOS 10.10 or later if they are enrolled via a PreStage enrollment and user-initiated enrollment for macOS is enabled in the JSS.
    Note: If a computer is not bound to a directory service, only the management account and the first local administrator account created for that computer can log in to the computer.

  7. (Optional) Use the User and Location payload to specify user and location information for the computers.
    This information is stored in the JSS for each computer enrolled using a PreStage enrollment.
    Note: The User and Location Information payload is only displayed if the Require Authentication checkbox is not selected.

  8. (Optional) Use the Passcode payload to specify passcode requirements for the computers.

  9. (Optional) Use the Purchasing payload to specify purchasing information for the computers.
    This information is stored in the JSS for each computer enrolled using a PreStage enrollment.

  10. (Optional) Use the Attachments payload to upload attachments to store for computers.
    This information is stored in the JSS for each computer enrolled using a PreStage enrollment.

  11. If the SSL certificate you are using is signed by an external CA (your organization's CA or a trusted third-party CA), use the Certificates payload to upload a certificate for the CA that you want computers to trust at enrollment.
    Note: The anchor certificate is only displayed if the SSL certificate you are using is signed by the JSS’s built-in CA.

  12. (Optional) Use the Directory payload to choose a directory server for the computers.

  13. Click the Scope tab and configure the scope of the PreStage enrollment by selecting the checkbox next to each computer you want to add to the scope.
    The computers listed on the Scope tab are the computers that are associated with the Device Enrollment Program (DEP) via the server token file (.p7m) you downloaded from the Apple Deployment Programs website.
    Note: If you want to add computers to the scope automatically as they become associated with the DEP instance, select the Automatically assign new devices checkbox in the General payload.

  14. Click Save.

Refreshing PreStage Enrollment Information

The JSS allows you to manually refresh information about the computers in the PreStage enrollment as needed.

  1. Log in to the JSS with a web browser.

  2. Click Computers at the top of the page.

  3. Click PreStage Enrollments.

  4. Click the PreStage enrollment you want to refresh.

  5. Click Refresh.

If there is updated information about the computers in DEP, this information is displayed in the JSS.

Further Considerations

When cloning a PreStage enrollment, computers in the scope of the original PreStage enrollment are not included in the scope of the cloned PreStage enrollment.

Related Information

For related information, see the following section in this guide:

Integrating with the Device Enrollment Program
Find out how to configure an instance of DEP.

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.