User-Initiated Enrollment Settings

Enrollment is the process of adding computers and mobile devices to the Jamf Software Server (JSS). This establishes a connection between the computers and mobile devices and the JSS.

User-initiated enrollment allows users to initiate the enrollment process on their own.

Users can enroll the following:

  • Mac computers

  • Institutionally owned iOS devices

  • Personally owned iOS and Android devices

The User-Initiated Enrollment settings allow you to do the following:

  • Enable user-initiated enrollment for the appropriate platforms.

  • Customize text displayed for each step in the enrollment process, including adding different languages.

  • Restrict re-enrollment so that a user is only allowed to re-enroll a computer or mobile device if one of the following conditions is met:

    • The user is a JSS user with the “Computers” or “Mobile Devices” privilege.

    • The username of the user re-enrolling the computer or mobile device matches the Username field in the User and Location category in inventory information.

    • The Username field in the User and Location category in inventory information is blank.

  • Require users to install the CA certificate (mobile devices only).

  • Specify a management account (computers only).

  • Ensure that SSH (Remote Login) is enabled (computers only).

  • Ensure that Self Service is launched after enrollment (computers only).

  • Sign the QuickAdd package used for enrollment (computers only).
    Signing the QuickAdd package ensures that it appears as verified to users who install it. It also allows users to install the QuickAdd package on computers that have Apple’s Gatekeeper feature set to only allow applications downloaded from the Mac App Store and identified developers.
    If you choose to sign the QuickAdd package, you need:

Customizing the User-Initiated Enrollment Experience

You can customize the text displayed in each step of the enrollment experience using Markdown. You can also add different languages.

For information about Markdown, see the following Knowledge Base article:
Using Markdown to Format Text

The following table describes each step that can be customized and the platform each step is displayed on:

Enrollment Step

Description

macOS

Institutionally Owned iOS Devices

Personally Owned
iOS and Android Devices

Login Page

Customize how you want the Login page to be displayed to users.

images/download/thumbnails/16432948/checkmark.png images/download/thumbnails/16432948/spacer.png

images/download/thumbnails/16432948/checkmark0.png

images/download/thumbnails/16432948/checkmark.png images/download/thumbnails/16432948/spacer.png

Device Ownership

Customize the text that prompts the user to specify the device ownership type if user-initiated enrollment is enabled for both institutionally owned and personally owned devices.

Note: Because Android devices cannot be enrolled as institutionally owned devices, the text, button name, and management description are not displayed to users.

You can also specify the device management description that displays to users to provide custom messaging on the IT management capabilities for each device ownership type.

 

images/download/thumbnails/16432948/checkmark0.png

images/download/thumbnails/16432948/checkmark0.png

EULA

Enter text for the End User License Agreement (EULA). If the EULA is left blank, it is not displayed to users during enrollment. The EULA is not displayed for users logging in with a JSS user account.

images/download/thumbnails/16432948/checkmark0.png

images/download/thumbnails/16432948/checkmark0.png

images/download/thumbnails/16432948/checkmark.png

Sites

Customize the message that prompts users to choose a site. If a user logs in with a JSS user account, they can assign an LDAP user to the computer or mobile device.

If you have more than one site in the JSS and have entered information on the Messaging Pane in Personal Device Profiles in the JSS, this information is displayed to users when they are prompted to choose a site.
(For more information, see Personal Device Profiles.)

images/download/thumbnails/16432948/checkmark0.png

images/download/thumbnails/16432948/checkmark0.png

images/download/thumbnails/16432948/checkmark0.png

Certificate

Customize the message that prompts users to install the CA certificate for mobile devices to trust at enrollment.

 

images/download/thumbnails/16432948/checkmark0.png

iOS only

Institutional MDM Profile

Customize the message that prompts users to install the MDM profile for institutionally owned devices.

 

 

 

Personal MDM Profile

Customize the message that prompts users to install the MDM profile for personally owned devices.

 

 

iOS only

QuickAdd Package

Customize the message that prompts users to download and install the QuickAdd package.

images/download/thumbnails/16432948/checkmark0.png

 

 

App for Android

Customize the message that prompts users to install Self Service Mobile for Android from Google Play.

 

 

Android only

Complete Page

Customize the messages that are displayed to users if enrollment is successful or if it fails.

images/download/thumbnails/16432948/checkmark0.png

images/download/thumbnails/16432948/checkmark0.png

iOS only

Configuring the User-Initiated Enrollment Settings

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/16432948/Settings_icon.png .

  3. Click Global Management.

  4. Click User-Initiated Enrollment images/download/thumbnails/16432948/User_Initiated_Enrollment.png .

  5. Click Edit.

  6. Use the General pane to restrict re-enrollment and to skip certificate installation.

  7. Use the Messaging pane to customize the text displayed during the enrollment experience and add languages.
    Note: English is the default language if the computer or mobile device does not have a preferred language set on it.

    • To add a language, click Add images/download/thumbnails/16432948/New_icon.png and then choose the language from the Language pop-up menu.
      You can repeat this process as needed for other languages.

    • To customize the text for a language already listed, click Edit or View depending on what's displayed. Then click Done.

  8. Use the Platforms pane to enable user-initiated enrollment and configure the enrollment settings for each platform as needed.

  9. Use the Access pane to choose the site you want to display to LDAP user groups during enrollment. Then, click Done.
    If an LDAP user belongs to more than one LDAP user group in the JSS, the user will have the option to select the sites you assign to each group that user belongs to.

  10. Click Save.

Related Information

For related information, see the following sections in this guide:

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.