Integrating with Automated Device Enrollment

The Automated Device Enrollment settings allow you to integrate with Automated Device Enrollment (formerly DEP). This is the first step to enrolling a device with Jamf Pro using a PreStage enrollment. After Jamf Pro is integrated with Automated Device Enrollment, you can use Jamf Pro to configure enrollment and device setup settings.

To integrate with Automated Device Enrollment, you need to do the following:

  1. Download a public key (.pem) from Jamf Pro.

  2. Obtain a server token file (.p7m) from Apple.

  3. Upload the server token file to Jamf Pro to configure an Automated Device Enrollment instance.

Requirements

To obtain the server token file from Apple, you need an Apple School Manager or Apple Business Manager account and the Administrator or Device Manager role assigned.

For more information about Automated Device Enrollment, accounts, and roles, see the following websites:

Downloading a Public Key

Before you can obtain the server token file from Apple, you need to download a public key from Jamf Pro.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/17105110/Settings_Icon.png .

  3. Click Global Management.

  4. Click Automated Device Enrollment images/download/thumbnails/79182913/Device_Enrollment_Program.png .

  5. Click Public Key to download the public key.

The public key (.pem) is downloaded immediately.

Obtaining the Server Token File

To download the server token file, you need to upload your public key to the deployment program instance.

  1. Log in to the deployment portal, such as Apple School Manager or Apple Business Manager.

  2. (Optional) Follow the onscreen instructions to verify your identity.

  3. In the sidebar, click Settings.

  4. In the Institution Settings section, click Device Management Settings.

  5. Click Add MDM Server.

  6. In the MDM Server Name field, enter the name for your server.

  7. Click Choose File, and then upload the public key (.pem) you downloaded from Jamf Pro.

  8. Click Save.

  9. Click Download Token to download the server token file (.p7m).

Uploading the Server Token File to Configure Automated Device Enrollment

This process creates one Automated Device Enrollment instance in Jamf Pro. To meet the needs of your organization, you can repeat the process to create multiple instances.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/download/thumbnails/79182913/Settings_Icon.png .

  3. Click Global Management.

  4. Click Automated Device Enrollment images/download/thumbnails/79182913/Device_Enrollment_Program.png .

  5. Click New images/download/thumbnails/17105124/Icon_New_Button.png .

  6. Enter a display name for the Automated Device Enrollment instance.

  7. Click Upload Server Token File to upload the server token file (.p7m) you downloaded from Apple. This creates one instance of the program in Jamf Pro.
    The information contained in the server token file is displayed.

  8. (Optional) Choose a supervision identity to associate with the Automated Device Enrollment instance. For more information, see Supervision Identities.

  9. Click Save.

  10. To configure another instance, repeat steps 5-9.

Further Considerations

  • Jamf Pro automatically refreshes information in the Automated Device Enrollment instance. If there is updated information in Apple School Manager or Apple Business Manager, this information is displayed in Jamf Pro. This information is automatically refreshed every five minutes.

    Note: There can be up to a five minute delay on the information refresh which can result in outdated information displayed in Jamf Pro. In addition, environment-specific factors can affect the refresh of information.

  • If you upload a new server token file (.p7m) to renew an expired Automated Device Enrollment instance, it is recommended that you do not delete the expired instance from Jamf Pro before uploading the new server token file.

  • Deleting an Automated Device Enrollment instance removes the instance from Jamf Pro but does not delete the settings in Apple School Manager or Apple Business Manager.

  • If necessary, you can remove a device from Apple School Manager or Apple Business Manager by releasing the device using Apple's deployment portals. Releasing a device that is currently enrolled with Jamf Pro does not remove the device from Jamf Pro.
    For detailed information on releasing devices, see Apple's documentation:

Related Information

For related information, see the following Jamf Knowledge Base videos:

For related information, see the following sections in this guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.