User-Initiated Enrollment Experience for Mobile Devices

When a user accesses the enrollment URL from a mobile device using Safari, they are guided through a series of steps to enroll the device.

iOS devices can be enrolled as institutionally owned or personally owned devices. Personally owned devices are enrolled using User Enrollment or Personal Device Profiles. For more information, see User-Initiated Enrollment Settings and Personal Device Profiles.

  1. The admin must enter their Jamf Pro account credentials on the user's mobile device to allow users to enroll the device in Jamf Pro.

    Note: If notified that the device cannot verify the identity of the Jamf Pro server when navigating to the enrollment URL, the user must proceed to the website to log in to the enrollment portal. This notification only appears if the Jamf Pro server uses an untrusted SSL certificate.

    Note: You can create a Jamf Pro user account specifically for enrolling devices via user-initiated enrollment by creating an account with only enrollment privileges.

  2. The user is prompted to enter credentials for an LDAP directory account or a Jamf Pro user account with user-initiated enrollment privileges, and then they must tap Log in.
    The login prompt is not displayed if the enrollment portal was accessed via an enrollment invitation for which the Require Login option is disabled. For more information about enrollment invitations, see User-Initiated Enrollment for Mobile Devices.

  3. The user is prompted to enroll the device as a personally owned device or an institutionally owned device.
    This step is only displayed if both institutionally owned device enrollment and personally owned device enrollment are enabled in Jamf Pro.

    You can display a description to users who enroll a personally owned device. (For more information, see User-Initiated Enrollment Settings.)

    You can display a description to users who enroll an institutionally owned device.

  4. When prompted, the user must choose the site that they are associated with.
    If the user is associated with multiple sites, they must select the site that will assign the appropriate settings to the device.
    If the user signed in with a Jamf Pro user account, they can assign an LDAP user to the device at this time.

    Note: To assign a user to a device, the Jamf Pro user account must have the "Assign Users to Mobile Devices" privilege.

  5. The user is prompted to continue to the CA certificate installation.

    Note: For mobile devices with iOS 11 or later, a pop-up window will appear notifying users, “This website is trying to open Settings to show you a configuration profile. Do you want to allow this?” The user must tap Allow. For devices with iOS 12.2 or later, an additional message is displayed notifying users, "Complete installation of this profile in the Settings app." The user must tap Close, and then navigate to the Settings app to complete the installation.

  6. The user must tap Install to continue.

  7. When notified that the profile will change settings on the device, the user must tap Install.
    If the device has a passcode, the user must enter the passcode.

  8. To complete the installation, the user must tap Done.

  9. (Personal device User Enrollment only) The user is prompted to enter their Managed Apple ID to install the MDM profile.

  10. The user is prompted to continue to the MDM profile installation.
    Information about enrollment can be accessed by tapping the Information icon.

    Note: For mobile devices with iOS 11 or later, a pop-up window will appear notifying users, “This website is trying to open Settings to show you a configuration profile. Do you want to allow this?” The user must tap Allow. For devices with iOS 12.2 or later, an additional message is displayed notifying users, "Complete installation of this profile in the Settings app." The user must tap Close, and then navigate to the Settings app to complete the installation.

  11. (Personal device User Enrollment only) The user taps Enroll My iPad or Enroll My iPhone to continue.

    The user taps Continue to proceed to the Managed Apple ID sign-in page. The user is then prompted to enter the password for their Managed Apple ID.
    The sign-in page varies depending on whether the Managed Apple IDs were created manually or using federated authentication.

    Note: Because the MDM profile installs automatically on the user's device after they enter their Managed Apple ID password, users enrolling their devices using User Enrollment do not install the MDM profile as shown in steps 12 through 15.

  12. The user must tap Install to continue.

  13. When notified that installing the profile will change settings on the device, the user must tap Install.
    If the device has a passcode, the user must enter the passcode.

  14. When notified that installing the profile will allow an administrator to remotely manage the device, the user must tap Install.

  15. To complete the enrollment process, the user must tap Done.

  16. When the enrollment is complete, the device is enrolled with Jamf Pro.

    If you chose to install Self Service for iOS, users are prompted to install the app from the App Store. For more information, see Jamf Self Service for iOS.

    Note: Beginning with iOS 10.3, Apple has enabled an important security enhancement. Untrusted root certificates that are installed manually on unsupervised iOS devices must be manually trusted in Certificate Trust Settings during user-initiated enrollment, or installation of the MDM profile will fail. For more information, see the Changes in User-Initiated Enrollment with Untrusted Certificate Authority (CA) Signed SSL Certificates in iOS 10.3 and Later Knowledge Base article.

© copyright 2002-2019 Jamf. All rights reserved.