User-Initiated Enrollment Experience for Computers

When a user accesses the enrollment URL, they are guided through a series of steps to enroll the computer. The steps vary depending on the version of macOS installed on the computer being enrolled. The text in the images below may vary depending on if the text or languages are customized in the User-Initiated Enrollment settings. For more information, see User-Initiated Enrollment Settings.

Note: For computers using macOS 10.12.6 or earlier, see version 10.30.0 of the User-Initiated Enrollment Experience for Computers section of the Jamf Pro Administrator's Guide for instructions.

The following workflow describes how user-initiated enrollment can be used to enroll computers:

  1. The user is prompted to log in with either their directory credentials or a Jamf Pro user account with user-initiated enrollment privileges. Directory credentials may include one of the following authentication types:

    • LDAP

    • Single sign-on (SSO)

    • Cloud Identity Provider

    After entering their credentials, the user must click Log In. If the credentials are entered via the Jamf Pro log in page, the user must click Log In. If the user is authenticating via a single sign-on provider, the user will be redirected to their organization's login page.

    images/download/attachments/85395428/Step_1_-_Login.png

    The login prompt is not displayed if the enrollment portal was accessed via an enrollment invitation in which the Require Login option is disabled. For more information about enrollment invitations, see User-Initiated Enrollment for Computers.

  2. Users who authenticated using a Jamf Pro user account and users who accessed the enrollment portal via an invitation for which the "Require Login" option is disabled will see an "Assign to user" dialog. For more information about enrollment invitations, see User-Initiated Enrollment for Mobile Devices.

    images/download/attachments/85395428/assign_to_user.PNG

    3. An LDAP or Cloud Identity Provider user may optionally be linked to the enrolling computer by performing a search in the field in this dialog. The user must enter their username and click the magnifying glass icon to search for a match in the LDAP or Cloud Identity Provider directory.

    1. If a matching user is found, a checkmark will be displayed at the end of the text field. The user can click Enroll to continue with enrollment, and the computer will be associated with their username.

      images/download/attachments/85395428/AssignToUser_Valid.png
    2. If the user is not found, an X is displayed at the end of the text field. The user can leave the Assign to user field blank and then click the Enroll button to continue enrollment without associating the computer to a user.
      images/download/attachments/85395428/AssignToUser_Invalid.png

      Note: To assign a user to a device, the Jamf Pro user account must have the "Assign Users to Computers" privilege.

    3. If prompted to select a site, the user may choose a site to associate their computer with. This will apply the appropriate site settings as defined by your organization to the computer.
      images/download/attachments/85395428/Site.png

  3. (Optional) If the user signed in with a directory user and the text for an End User License Agreement (EULA) was entered in Jamf Pro, the user must accept the EULA to continue.

    images/download/attachments/85395428/Step_3_-_EULA.png
  4. (Optional) If the user-initiated enrollment settings are set with the Skip certificate installation during enrollment checkbox is deselected, the user will be prompted to install a profile containing the CA certificate before they install the MDM profile.
    images/download/attachments/85395428/Step_4_-_CA_Cert.png

    Note: The user must follow the onscreen instructions to install the CA certificate. After the CA certificate is installed, the user must return to their web browser to install the MDM profile and complete enrollment.

  5. When prompted, the user must click Continue to download and install the MDM profile.

    images/download/attachments/85395428/Step_5_-_MDM_Profile.png

  6. For computers with macOS 11 or later, when the downloaded profile is opened, the user is notified in the Notification Center that a profile was downloaded and can be reviewed in System Preferences. The user must then navigate to System Preferences > Profiles > select the MDM profile > Install to finish the profile installation. Users are then prompted to trust the MDM enrollment profile and enter their local administrator account password to complete the MDM enrollment profile installation process.

    Important: The user has eight minutes to install the MDM enrollment profile before the profile is no longer displayed in System Preferences. If this occurs, the user must double-click the downloaded enrollment profile to install the MDM enrollment profile in System Preferences.

  7. When the user returns to the web browser, the following message will be displayed indicating that the computer is enrolled with Jamf Pro.

    images/download/attachments/85395428/enrollment_complete.PNG

Related Information

For related information, see the following sections in this guide:

User-Initiated Enrollment Settings
Learn about the settings you can configure for user-initiated enrollment.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.