Integrating with Automated Device Enrollment

Enrollment is the process of adding computers and mobile devices to Jamf Pro. This establishes a connection between the computers and mobile devices and the Jamf Pro server. The Automated Device Enrollment settings allow you to integrate Jamf Pro with Automated Device Enrollment (formerly DEP). This is the first step to enrolling a device with Jamf Pro using a PreStage enrollment. After Jamf Pro is integrated with Automated Device Enrollment, you can use Jamf Pro to configure enrollment and device setup settings. You can also use the Automated Device Enrollment settings to renew an Automated Device Enrollment instance.

To integrate Jamf Pro with Automated Device Enrollment, you need to do the following:

  1. Download a public key (.pem) from Jamf Pro.

  2. Obtain a server token file (.p7m) from Apple.

  3. Upload the server token file to Jamf Pro to configure an Automated Device Enrollment instance.

Jamf Pro automatically refreshes information every two minutes in the Automated Device Enrollment instance. If information in Apple School Manager or Apple Business Manager is updated, this information is displayed in Jamf Pro. There can be up to a two minute delay on the information refresh, which can result in outdated information displayed in Jamf Pro. In addition, environment-specific factors can affect the refresh of information.

Note: Deleting an Automated Device Enrollment instance removes the instance from Jamf Pro but does not delete the settings in Apple School Manager or Apple Business Manager.

Downloading a Public Key

Before you can obtain the server token file from Apple, you need to download a public key from Jamf Pro.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/docs.jamf.com/10.20.0/jamf-pro/administrator-guide/images/download/thumbnails/17105110/Settings_Icon.png .

  3. Click Global Management.

  4. Click Automated Device Enrollment images/docs.jamf.com/10.20.0/jamf-pro/administrator-guide/images/download/thumbnails/80740869/Device_Enrollment_Program.png .

  5. Click Public Key to download the public key.

The public key (.pem) is downloaded immediately.

Obtaining the Server Token File

Requirements

To obtain the server token file from Apple, you need an Apple School Manager or Apple Business Manager account and the Administrator or Device Manager role assigned.

For more information about Automated Device Enrollment, accounts, and roles, see the following Apple documentation:

Note: It is recommended that you only use one Apple School Manager or Apple Business Manager account to integrate with Automated Device Enrollment. Using more than one account makes it difficult to isolate the account causing the issues when troubleshooting.

Procedure

To download the server token file, you need to upload your public key to the Automated Device Enrollment instance.

  1. Log in to Apple School Manager or Apple Business Manager .

  2. (Optional) Follow the onscreen instructions to verify your identity.

  3. Click Settings at the bottom of the sidebar, and then click Device Management Settings.

  4. Click Add MDM Server.

  5. In the MDM Server Name field, enter the name for your server.

  6. Click Choose File, and then upload the public key (.pem) you downloaded from Jamf Pro.

  7. Click Save.

  8. Click Download Token to download the server token file (.p7m).

Uploading the Server Token File to Configure Automated Device Enrollment

This process creates one Automated Device Enrollment instance in Jamf Pro. To meet the needs of your organization, you can repeat the process to create multiple instances.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/docs.jamf.com/10.20.0/jamf-pro/administrator-guide/images/download/thumbnails/80740869/Settings_Icon.png .

  3. Click Global Management.

  4. Click Automated Device Enrollment images/docs.jamf.com/10.20.0/jamf-pro/administrator-guide/images/download/thumbnails/80740869/Device_Enrollment_Program.png .

  5. Click New images/docs.jamf.com/10.20.0/jamf-pro/administrator-guide/images/download/thumbnails/17105124/Icon_New_Button.png .

  6. Enter a display name for the Automated Device Enrollment instance.

  7. Click Upload Server Token File to upload the server token file (.p7m) you downloaded from Apple. This creates one Automated Device Enrollment instance in Jamf Pro.
    The information contained in the server token file is displayed.

    Note: A server token is valid for one year after the token is uploaded and saved in Jamf Pro.

  8. (Optional) Choose a supervision identity to associate with the Automated Device Enrollment instance. For more information, see Supervision Identities.

  9. Click Save images/download/thumbnails/81531754/floppy-disk.png .

  10. To configure another instance, repeat steps 5-9.

Replacing a Server Token File to Renew an Automated Device Enrollment Instance

If your Automated Device Enrollment server token has expired or needs to be replaced, you must download a new token from Apple School Manager or Apple Business Manager and upload it to Jamf Pro.

Note: If you are uploading a new server token file (.p7m) to renew an expired Automated Device Enrollment instance, it is recommended that you do not delete the expired instance from Jamf Pro before uploading the new server token file.

  1. Log in to Apple School Manager or Apple Business Manager.

  2. Click Settings at the bottom of the sidebar.

  3. Click to select your Jamf Pro MDM server, and then click Download Token. The generated server token file (.p7m) is downloaded to your computer.

  4. Log in to Jamf Pro.

  5. In the top-right corner of the page, click Settings images/docs.jamf.com/10.20.0/jamf-pro/administrator-guide/images/download/thumbnails/80740869/Settings_Icon.png .

  6. Click Global Management.

  7. Click Automated Device Enrollment images/docs.jamf.com/10.20.0/jamf-pro/administrator-guide/images/download/thumbnails/80740869/Device_Enrollment_Program.png .

  8. Select the Automated Device Enrollment instance you want to renew and click Edit.

  9. Click Upload Server Token File to upload the server token file (.p7m) you downloaded from Apple. The information contained in the server token file is displayed.

  10. Click Save.

Related Information

For related information, see the following Jamf Knowledge Base videos:

For related information, see the following sections in this guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.