User Enrollment Experience for Mobile Devices

When a user accesses the enrollment URL from a mobile device using Safari, they are guided through a series of steps to enroll the device. iOS and iPadOS devices can be enrolled using User Enrollment as personally owned devices.

Note: If you are re-enrolling a device that was enrolled using a Personal Device Profile, it is recommended that you remove the device's previous record from Jamf Pro. For more information about how to re-enroll a device enrolled using a Personal Device Profile, see "Migrating Devices from Personal Device Profiles to User Enrollment" in the Building a BYOD Program with User Enrollment and Jamf Pro technical paper.

  1. The user is prompted to enter credentials for an LDAP directory account, single sign-on (SSO) credentials, or Jamf Pro user account with user-initiated enrollment privileges, and then they must click Log in.
    To allow users to use SSO credentials, you must integrate a third-party Identity Provider (IdP) and enable the Enable Single Sign-On for User-Initiated Enrollment setting. For more information, see Single Sign-On.
    images/download/attachments/81534250/Admin_login.png

    Note: If notified that the device cannot verify the identity of the Jamf Pro server when navigating to the enrollment URL, the user must proceed to the website to log in to the enrollment portal. This notification only appears if the Jamf Pro server uses an untrusted SSL certificate.

  2. The user is prompted to enroll the device as a personally owned device or an institutionally owned device.
    This step is only displayed if both institutionally owned device enrollment and personally owned device enrollment are enabled in Jamf Pro.
    images/download/attachments/81534250/institutional_personal.png

    You can display a description to users who enroll a personally owned device. (For more information, see User-Initiated Enrollment Settings.)
    images/download/attachments/81534250/personal_description.png

  3. The user is prompted to continue to the CA certificate installation.
    images/download/attachments/81534250/CA_cert_continue.png

    Note: For mobile devices with iOS 11 or later, a pop-up window will appear notifying users, “This website is trying to open Settings to show you a configuration profile. Do you want to allow this?” The user must tap Allow. For devices with iOS 12.2 or later, an additional message is displayed notifying users, "Complete installation of this profile in the Settings app." The user must tap Close, and then navigate to the Settings app to complete the installation.

  4. The user must tap Install to continue.

    images/download/attachments/81534250/CA_cert_install_2.PNG
  5. When notified that the profile will change settings on the device, the user must tap Install.
    If the device has a passcode, the user must enter the passcode.
    images/download/attachments/81534250/CA_cert_Warning.png

  6. To complete the installation, the user must tap Done.

    images/download/attachments/81534250/CA_cert_Done.png
  7. The user is prompted to enter their Managed Apple ID to install the MDM profile.
    images/download/attachments/81534250/Enter_MAID.png

  8. The user is prompted to continue to the MDM profile installation.
    Information about enrollment can be accessed by tapping the Information images/download/thumbnails/81534250/iOS_MDM_info.png icon.
    images/download/attachments/81534250/Continue_MDM.png

    Note: For mobile devices with iOS 11 or later, a pop-up window will appear notifying users, “This website is trying to open Settings to show you a configuration profile. Do you want to allow this?” The user must tap Allow. For devices with iOS 12.2 or later, an additional message is displayed notifying users, "Complete installation of this profile in the Settings app." The user must tap Close, and then navigate to the Settings app to complete the installation.

  9. The user taps Enroll My iPad or Enroll My iPhone to continue.
    For more information on the sign-in process for User Enrollment, see User Enrollment into MDM in Apple's Deployment Reference for iPhone and iPad.

    images/download/attachments/81534250/MAID_enroll.png
  10. The user taps Continue to proceed to the Managed Apple ID sign in page. The user is then prompted to enter the password for their Managed Apple ID.
    images/download/attachments/81534250/MAID_Continue.png

  11. When the enrollment is complete, the device is enrolled with Jamf Pro.
    images/download/attachments/81534250/UIE_Complete.png

    If you chose to install Self Service for iOS, users are prompted to install the app from the App Store. For more information, see Jamf Self Service for iOS.
    images/download/attachments/81534250/Self_Service_Install.png

    Note: Apple has enabled an important security enhancement beginning with iOS 10.3. This security enhancement requires untrusted root certificates installed manually on unsupervised iOS devices to be manually trusted in Certificate Trust Settings during user-initiated enrollment, or installation of the MDM profile will fail. For more information, see the Changes in User-Initiated Enrollment with Untrusted Certificate Authority (CA) Signed SSL Certificates in iOS 10.3 and Later Knowledge Base article.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.