User-Initiated Enrollment for Mobile Devices

You can allow users to enroll mobile devices by having them log in to an enrollment portal where they are prompted to install the necessary profile and certificates.

To direct users to the enrollment portal, you need to provide them with the enrollment URL. The enrollment URL is the full URL for the Jamf Software Server (JSS) followed by “/enroll”. For example:

https://jss.mycompany.com:8443/enroll

You can provide the enrollment URL to users by doing the following:

  • Provide the URL in the way that best fits your environment
    Simply provide the URL to users in the way that best fits your needs. You can add a mobile device to a site when using this method.

  • Send an enrollment invitation to users via email or SMS
    This allows you create an email or SMS invitation in the JSS and send it to one or more users. It gives you more control over user access to the enrollment portal by allowing you to do the following:

    • Set an expiration date for the invitation

    • Require users to log in to the portal

    • Allow multiple uses of the invitation

    • Add the mobile device to a site during enrollment

    • View the status of the invitation

    Note: Mobile device enrollment invitations cannot be sent to personally owned devices. You must provide the enrollment URL to those users by some other means.

Users can log in to the enrollment portal using an LDAP directory account or a JSS user account. When a user logs in with an LDAP directory account, user and location information is submitted to the JSS during enrollment. When a user logs in with a JSS user account, it allows an LDAP user to be assigned to the mobile device.

Requirements

To allow mobile devices to be enrolled with user-initiated enrollment, you need:

Note: For mobile devices with iOS 10.3 or later, Apple has enabled an important security enhancement that requires untrusted root certificates installed manually on unsupervised iOS devices to be manually trusted in Certificate Trust Settings during user-initiated enrollment, or installation of the MDM profile will fail. For more information, see the following Knowledge Base article:
Changes in User-Initiated Enrollment with Untrusted Certificate Authority (CA) Signed SSL Certificates in iOS 10.3 and Later .

To send a mobile device enrollment invitation via email or SMS, you need an SMTP server set up in the JSS. (For more information, see Integrating with an SMTP Server.)

For users to log in to the enrollment portal with an LDAP directory account, you need an LDAP server set up in the JSS. (For more information, see Integrating with LDAP Directory Services.)

Sending a Mobile Device Enrollment Invitation for User-Initiated Enrollment

You can send an email or SMS invitation that contains the enrollment URL from the JSS. Users click the enrollment URL in the email or SMS message to access the enrollment portal.

Before you configure the invitation, make sure you have the email addresses or phone numbers of the users you want to send the invitation to.

  1. Log in to the JSS with a web browser.

  2. Click Mobile Devices at the top of the page.

  3. Click Enrollment Invitations.

  4. Click New images/download/thumbnails/16433379/New_icon.png .

  5. Select User-Initiated Enrollment as the enrollment method.

  6. Follow the onscreen instructions to send the enrollment invitation.

An enrollment invitation is immediately sent to the email addresses or phone numbers you specified.

You can view the status of the enrollment invitation in the list of invitations.

Viewing Mobile Device Enrollment Invitation Usage

You can view a list of mobile devices that were enrolled with a specific enrollment invitation.

  1. Log in to the JSS with a web browser.

  2. Click Mobile Devices at the top of the page.

  3. Click Enrollment Invitations.

  4. Click the enrollment invitation you want to view usage for.

  5. Click View Enrolled Mobile Devices.

A list of mobile devices enrolled with the invitation is displayed.

Related Information

For related information, see the following sections in this guide:

For related information, see the following Knowledge Base article:

Components Installed on Mobile Devices
Learn about the components installed on mobile devices during enrollment.

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.