Integrating with the Device Enrollment Program

The Device Enrollment Program settings allow you to integrate with Apple’s Device Enrollment Program (DEP), part of Apple Deployment Programs. Integrating with DEP is the first step to enrolling a device with the Jamf Software Server (JSS) using a PreStage enrollment. After the JSS is integrated with DEP, you can use the JSS to configure enrollment and device setup settings.

To integrate with DEP, you need to do the following:

  1. Download a public key (.pem) from the JSS.

  2. Obtain a server token file (.p7m) from Apple.

  3. Upload the server token file to the JSS to configure an instance of DEP.

For more information about DEP, see the following websites:

Requirements

To obtain a server token file from Apple, you need an Apple Deployment Programs account. You can apply for an account at:
https://deploy.apple.com

Downloading a Public Key

Before you can obtain the server token file from Apple, you need to download a public key from the JSS.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/14455274/Settings_icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/14455274/Device_Enrollment_Program.png .

  5. Click Public Key to download the public key.

The public key (.pem) is downloaded immediately.

Obtaining the Server Token File

To download the server token file, you need to upload your public key to the Apple Deployment Program website.

  1. Log in to the Apple Deployment Program website at http://deploy.apple.com.

  2. In the sidebar, select Device Enrollment Program images/download/thumbnails/14455274/Device_Enrollment_Program.png .

  3. Follow the onscreen instructions to verify your identity.

  4. In the sidebar, select Manage Servers, and then click Add MDM Server.

  5. Enter a name for your MDM server, and then click Next.

  6. Click Choose File, and then upload the public key (.pem) you downloaded from the JSS.

  7. Click Next to download the server token file (.p7m).

The server token file (.p7m) is downloaded immediately.

Uploading the Server Token File to Configure an Instance of DEP

This process creates one instance of DEP in the JSS. To meet the needs of your organization, you can repeat the process to create multiple instances of DEP.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/14455274/Settings_icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/14455274/Device_Enrollment_Program.png .

  5. Click New images/download/thumbnails/14455274/New_icon.png .

  6. Enter a display name for the DEP instance.

  7. Click Upload Server Token File to upload the server token file (.p7m) you downloaded from Apple. This creates one instance of the program in the JSS.
    The information contained in the server token file is displayed.

  8. (Optional) Choose a supervision identity to associate with the DEP instance. (For more information, see Supervision Identities.)

  9. Click Save.

  10. To configure another instance of DEP, repeat steps 5-9.

Refreshing DEP Instance Information

The JSS allows you to manually refresh information in the DEP instance as needed.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/14455274/Settings_icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/14455274/Device_Enrollment_Program.png .
    A list of program instances is displayed.

  5. Click the program instance you want to refresh.

  6. Click Refresh.

If there is updated information in DEP, this information is displayed in the JSS.

Further Considerations

  • If you upload a new server token file (.p7m) to renew an expired DEP instance, it is recommended that you do not delete the expired instance from the JSS before uploading the new server token file.

  • Deleting a DEP instance removes the instance from the JSS but does not delete the settings in DEP.

  • If necessary, you can remove a device from DEP by disowning the device using the Apple Deployment Programs website. Disowning a device that is currently enrolled with the JSS does not remove the device from the JSS. For detailed information on disowning devices, see Apple Deployment Programs Help at:
    https://help.apple.com/deployment/business/

Related Information

For related information, see the following sections in this guide:

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.