Integrating with Apple's Device Enrollment

The Device Enrollment settings allow you to integrate with Apple’s Device Enrollment (formerly DEP). This is the first step to enrolling a device with Jamf Pro using a PreStage enrollment. After Jamf Pro is integrated with Device Enrollment, you can use Jamf Pro to configure enrollment and device setup settings.

To integrate with Device Enrollment, you need to do the following:

  1. Download a public key (.pem) from Jamf Pro.

  2. Obtain a server token file (.p7m) from Apple.

  3. Upload the server token file to Jamf Pro to configure a Device Enrollment instance.

Requirements

To obtain the server token file from Apple, you need an Apple Deployment Programs account and the Administrator or Device Manager role assigned.

For more information about Device Enrollment, accounts, and roles, see the following websites:

Downloading a Public Key

Before you can obtain the server token file from Apple, you need to download a public key from Jamf Pro.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/17105110/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/48824512/Device_Enrollment_Program.png .

  5. Click Public Key to download the public key.

The public key (.pem) is downloaded immediately.

Obtaining the Server Token File

To download the server token file, you need to upload your public key to the deployment program instance.

  1. Log in to the deployment portal, such as Apple School Manager or Apple Business Manager.

  2. (Optional) Follow the onscreen instructions to verify your identity.

  3. In the sidebar, click Settings.

  4. In the Institution Settings section, click Device Management Settings.

  5. Click Add MDM Server.

  6. In the MDM Server Name field, enter the name for your server.

  7. Click Choose File, and then upload the public key (.pem) you downloaded from Jamf Pro.

  8. Click Save.

  9. Click Download Token to download the server token file (.p7m).

Uploading the Server Token File to Configure Device Enrollment

This process creates one Device Enrollment instance in Jamf Pro. To meet the needs of your organization, you can repeat the process to create multiple instances.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/48824512/Settings_Icon.png .

  3. Click Global Management.

  4. Click Device Enrollment Program images/download/thumbnails/48824512/Device_Enrollment_Program.png .

  5. Click New images/download/thumbnails/17105124/Icon_New_Button.png .

  6. Enter a display name for the Device Enrollment instance.

  7. Click Upload Server Token File to upload the server token file (.p7m) you downloaded from Apple. This creates one instance of the program in Jamf Pro.
    The information contained in the server token file is displayed.

  8. (Optional) Choose a supervision identity to associate with the Device Enrollment instance. For more information, see Supervision Identities.

  9. Click Save.

  10. To configure another instance, repeat steps 5-9.

Further Considerations

  • Jamf Pro automatically refreshes information in the Device Enrollment instance. If there is updated information in Apple School Manager or Apple Business Manager, this information is displayed in Jamf Pro. This information is automatically refreshed every five minutes.

    Note: There can be up to a five minute delay on the information refresh which can result in outdated information displayed in Jamf Pro. In addition, environment-specific factors can affect the refresh of information.

  • If you upload a new server token file (.p7m) to renew an expired Device Enrollment instance, it is recommended that you do not delete the expired instance from Jamf Pro before uploading the new server token file.

  • Deleting a Device Enrollment instance removes the instance from Jamf Pro but does not delete the settings in Apple School Manager or Apple Business Manager.

  • If necessary, you can remove a device from Apple's deployment program by releasing the device using Apple's deployment portals. Releasing a device that is currently enrolled with Jamf Pro does not remove the device from Jamf Pro.
    For detailed information on releasing devices, see Apple's documentation:

    • Release devices
      Find out how to remove devices in Apple School Manager.

    • Release devices
      Find out how to remove devices in Apple Business Manager.

    • Release devices
      Find out how to remove devices from the Device Enrollment Program.

Related Information

For related information, see the following Jamf Knowledge Base videos:

For related information, see the following sections in this guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.