User-Initiated Enrollment for Computers

You can allow users to enroll their own computers by having them log in to an enrollment portal where they follow the onscreen instructions to complete the enrollment process.

User-initiated enrollment is one of the methods that results in a User Approved MDM state for eligible computers. This state is required for certain performance and security enhancements, like managing kernel extensions. For more information about User Approved MDM and Jamf Pro, see the Managing User Approved MDM with Jamf Pro Knowledge Base article.

Users will be prompted to download either an MDM profile or QuickAdd package during user-initiated enrollment based on the version of macOS on their computer. The following are the different types of user-initiated enrollment:

  • User-initiated enrollment with an MDM profile (macOS 10.13 or later)—The user will be prompted to download and install a CA certificate and MDM profile during the user-initiated enrollment process. Users must manually return to the enrollment portal webpage after CA certificate installation to install the MDM profile and complete the enrollment process. The jamf binary is installed automatically after MDM enrollment is complete.

    Note: If user-initiated enrollment settings are configured to skip certificate installation during enrollment, users will only be prompted to download the MDM profile.

  • User-initiated enrollment with a QuickAdd package (macOS 10.12.6 or earlier)—The user will be prompted to download and install a QuickAdd package during the user-initiated enrollment process.

General Requirements

To allow computers to be enrolled with user-initiated enrollment, you need:

Providing an Enrollment URL to Users

To direct users to the enrollment portal, you need to provide them with the enrollment URL. The enrollment URL is the full URL for the Jamf Pro server followed by “/enroll”. For example:

  • https://instancename.jamfcloud.com/enroll (hosted in Jamf Cloud)

  • https://jamf.instancename.com:8443/enroll (hosted on-premise)

You can provide the enrollment URL to users in the way that best fits your environment.

Users can log in to the enrollment portal using an LDAP directory account or a Jamf Pro user account. When a user logs in with an LDAP directory account, user and location information is submitted to Jamf Pro during enrollment. When a user logs in with a Jamf Pro user account, it allows an LDAP user to be assigned to the computer.

Sending a Computer Enrollment Invitation

You can send an email invitation that contains the enrollment URL from Jamf Pro to one or more users. Users click the enrollment URL in the email message to access the enrollment portal. Enrollment invitations give you more control over user access to the enrollment portal by allowing you to do the following:

  • Set an expiration date for the invitation

  • Require users to log in to the portal

  • Allow multiple uses of the invitation

  • Add the computer to a site during enrollment

  • View the status of the invitation

Requirements

To send a computer enrollment invitation, you need an SMTP server set up in Jamf Pro (For more information, see Integrating with an SMTP Server.)

Procedure

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Enrollment Invitations.

  4. Click New images/download/thumbnails/80767655/Icon_New_Button.png .

  5. Follow the onscreen instructions to send the enrollment invitation.

An enrollment invitation is immediately sent to the email addresses you specified.

You can view the status of the enrollment invitation in the list of invitations.

Viewing Computer Enrollment Invitation Usage

  1. Log in to Jamf Pro.

  2. Click Computers at the top of the page.

  3. Click Enrollment Invitations.

  4. Click the enrollment invitation you want to view usage for.

  5. Click View Enrolled Computers images/download/thumbnails/80749108/preview-content.png .
    A list of computers enrolled with the invitation is displayed.

Related Information

For related information, see the following sections in this guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.