User Enrollment for Personally Owned Mobile Devices

You can allow users to enroll personally owned mobile devices by having them log in to an enrollment portal where they are prompted to install the MDM profile and certificates.

Disclaimer: Personal device profiles have been deprecated and are no longer recommended as a method of enrolling personally owned devices. User Enrollment is the Apple-preferred method for enrolling personally owned devices in a Bring Your Own Device (BYOD) program. For information on enrolling personally owned iOS or iPadOS devices with Jamf Pro, see the Building a BYOD Program with User Enrollment and Jamf Pro technical paper. For legacy documentation about Personal Device Profiles, see version 10.27.0 or earlier of the Jamf Pro Administrator's Guide.

Providing an Enrollment URL to Users

You can provide the enrollment URL to users in the way that best fits your environment.

Requirements

To allow personally owned mobile devices to be enrolled with user-initiated enrollment, you need:

Note: On mobile devices with iOS 10.3 or later, an Apple security enhancement requires that untrusted root certificates installed manually on unsupervised iOS devices also be manually trusted in Certificate Trust Settings during user-initiated enrollment. If they are not, installation of the MDM profile fails. For more information, see the Changes in User-Initiated Enrollment with Untrusted Certificate Authority (CA) Signed SSL Certificates in iOS 10.3 and Later article.

Procedure

To direct users to the enrollment portal, you need to provide them with the enrollment URL. The enrollment URL is the full URL for the Jamf Pro server followed by “/enroll”. For example:

  • https://instancename.jamfcloud.com/enroll (hosted in Jamf Cloud)

  • https://jamf.instancename.com:8443/enroll (hosted on-premise)

Note: Users must use Safari to access the enrollment URL.

Users can log in to the enrollment portal using an LDAP directory account or a Jamf Pro user account. When a user logs in with an LDAP directory account, user and location information is submitted to Jamf Pro during enrollment. Logging in with a Jamf Pro user account allows an LDAP user to be assigned to the mobile device.
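Before distributing the enrollment URL, an administrator can check whether the server certificate verifies against a standard trust store, which indicates whether users on iOS 10.3 or later will run into the manual trust requirement noted under Requirements. The following is an added example, not part of the Jamf Pro documentation or product. The function names are hypothetical, the https-only check is an assumption based on the example URLs above, and the local trust store only approximates the roots an iOS device trusts.

```python
import socket
import ssl
import sys
from typing import Optional
from urllib.parse import urlsplit, urlunsplit


def enrollment_url(server_url: str) -> str:
    """Return the full Jamf Pro server URL followed by /enroll."""
    parts = urlsplit(server_url.strip())
    # Assumption: the portal is only served over https, as in the page's examples.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// Jamf Pro server URL")
    path = parts.path.rstrip("/")
    if not path.endswith("/enroll"):
        path += "/enroll"
    return urlunsplit(("https", parts.netloc, path, "", ""))


def verification_error(url: str, timeout: float = 10.0) -> Optional[str]:
    """Return None if the certificate chain and hostname verify, else the reason.

    An untrusted or self-signed root shows up here as a verification failure;
    so does a hostname mismatch, so read the returned reason.
    """
    parts = urlsplit(url)
    context = ssl.create_default_context()  # local trust store, hostname check on
    try:
        with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=parts.hostname):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message


if __name__ == "__main__":
    # Placeholder host taken from the page's example; pass your own server URL.
    url = enrollment_url(sys.argv[1] if len(sys.argv) > 1 else "https://jamf.instancename.com:8443")
    print("Enrollment URL:", url)
    try:
        reason = verification_error(url)
    except OSError as exc:  # DNS failure, refused connection, timeout
        sys.exit(f"Could not connect: {exc}")
    if reason is None:
        print("Certificate verifies against the local trust store.")
    else:
        print(f"Certificate did not verify ({reason}); if the root is untrusted, "
              "users must trust it manually in Certificate Trust Settings.")
```
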

Related Information

For related information, see the following sections in this guide:

For related information, see the following sections in Apple's Mobile Device Management Settings:

© copyright 2002-2021 Jamf. All rights reserved.