User-Initiated Enrollment Experience for Institutionally Owned Mobile Devices

User-Initiated Enrollment Experience for Institutionally Owned Mobile Devices

When a user accesses the enrollment URL from an institutionally owned iOS or iPadOS device using Safari, they are guided through a series of steps to enroll the device. The text displayed in the images below may vary depending on if the text or languages are customized in the User-Initiated Enrollment settings. For more information, see User-Initiated Enrollment Settings.

Note: Personally owned devices must be enrolled using User Enrollment. For information, see User Enrollment for Personally Owned Mobile Devices.

The following workflow describes how user-initiated enrollment can be used to enroll institutionally owned mobile devices:

  1. The user is prompted to log in with either their directory credentials or a Jamf Pro user account with user-initiated enrollment privileges. Directory credentials may include one of the following authentication types:

    • LDAP

    • Single sign-on (SSO)

    • Cloud Identity Provider

    After entering their credentials, the user must click Log In. If the credentials are entered via the Jamf Pro log in page, the user must click Log In. If the user is authenticating via a single sign-on provider, the user will be redirected to their organization's login page.
    images/download/attachments/85395513/1-log_In.png
    The login prompt is not displayed if the enrollment portal was accessed via an enrollment invitation in which the Require Login option is disabled.

  2. The user is prompted to enroll the device as a personally owned device or an institutionally owned device.
    This step is only displayed if both institutionally owned device enrollment and personally owned device enrollment are enabled in Jamf Pro.

    images/download/attachments/85395513/specify_device.png

    You can display a description to users who enroll an institutionally owned device. For more information, see User-Initiated Enrollment Settings.

    images/download/attachments/85395513/institutional_description.png
  3. Users who authenticated using a Jamf Pro user account and users who accessed the enrollment portal via an invitation for which the "Require Login" option is disabled will see an "Assign to user" dialog. For more information about enrollment invitations, see User-Initiated Enrollment for Mobile Devices.
    images/download/attachments/85395513/assign_to_user.png

  4. An LDAP or Cloud Identity Provider user may optionally be linked to the enrolling device by performing a search in the field in this dialog. The user must enter their username and click the magnifying glass icon to search for a match in the LDAP or Cloud Identity Provider directory.

    1. If a matching user is found, a checkmark will be displayed at the end of the text field. The user can click Enroll to continue with enrollment, and the device will be associated with their username.

      images/download/attachments/85395513/AssignToUser_Valid.png
    2. If the user is not found, an X is displayed at the end of the text field. The user can leave the Assign to user field blank and then click the Enroll button to continue enrollment without associating the device to a user.
      images/download/attachments/85395513/AssignToUser_Invalid.png

      Note: To assign a user to a device, the Jamf Pro user account must have the "Assign Users to Mobile Devices" privilege.

    3. If prompted to select a site, the user may choose a site to associate their device with. This will apply the appropriate site settings as defined by your organization to the device.

      images/download/attachments/85395513/Site.png
  5. (Optional) If the user signed in with a directory user and the text for an End User License Agreement (EULA) was entered in Jamf Pro, the user must accept the EULA to continue.

    images/download/attachments/85395513/Step_3_-_EULA.png
  6. (Optional) If the user-initiated enrollment settings are set with the Skip certificate installation during enrollment checkbox is deselected, the user will be prompted to install a profile containing the CA certificate before they install the MDM profile.
    images/download/attachments/85395513/_CA_Cert.png

    Note: The user must follow the onscreen instructions to install the CA certificate. After the CA certificate is installed, the user must return to Safari to install the MDM profile and complete enrollment.

  7. When prompted, the user must click Continue to download and install the MDM profile. Information about enrollment can be accessed by clicking the Information icon.

    images/download/attachments/85395513/continue_enrollment_need_mdm_profile.png
  8. For devices with iOS 12.2 or later, the following additional message is displayed: "Complete installation of this profile in the Settings app."

  9. Next, a Profile Downloaded dialog is displayed:

    images/download/thumbnails/85395513/ProfileDownloaded.png

    The user must click Close, and then navigate to the Settings app and click the Profile Downloaded in the left sidebar to complete the installation.

  10. The user may need to click Install multiple times to continue and must follow the onscreen instructions to trust the MDM profile, which may include entering their passcode if one is required.

    Important: The user has eight minutes to install the enrollment profile before iOS discards the profile. If this occurs, the user must restart the enrollment process from the beginning.

  11. When the user returns to the Safari web browser, the following message will be displayed indicating that the device is enrolled with Jamf Pro.
    images/download/attachments/85395513/enrollment_complete.png

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.