User Enrollment Experience for Personally Owned Mobile Devices

When a user accesses the enrollment URL from a personally owned mobile device using Safari, they are guided through a series of steps to enroll the device. The text displayed in the images may vary depending on whether the text or languages are customized in the User-Initiated Enrollment settings. For more information, see User-Initiated Enrollment Settings. iOS and iPadOS devices can be enrolled using User Enrollment as personally owned devices.

Note: If you are re-enrolling a device that was previously enrolled using the deprecated method of using a Personal Device Profile, it is recommended that you first remove the device's previous record from Jamf Pro. For more information about how to re-enroll a device enrolled using a Personal Device Profile, see "Migrating Devices from Personal Device Profiles to User Enrollment" in the Building a BYOD Program with User Enrollment and Jamf Pro technical paper.

The following workflow describes how User Enrollment can be used to enroll personally owned mobile devices:

  1. The user is prompted to log in with either their directory credentials or a Jamf Pro user account with user-initiated enrollment privileges. Directory credentials may include one of the following authentication types:

    • LDAP

    • Single sign-on (SSO)

    • Cloud Identity Provider

    If the credentials are entered via Jamf Pro, the user must click Log In after entering them. If the user is authenticating via a single sign-on provider, the user will be redirected to their organization's login page.

  2. The user is prompted to enroll the device as a personally owned device or an institutionally owned device.
    This step is only displayed if both institutionally owned device enrollment and personally owned device enrollment are enabled in Jamf Pro.


    You can display a description to users who enroll a personally owned device. For more information, see User-Initiated Enrollment Settings.

  3. (Optional) If prompted to select a site, the user may choose a site to associate their device with. This will apply the appropriate site settings as defined by your organization to the device.

  4. (Optional) If the Skip certificate installation during enrollment checkbox is deselected in the User-Initiated Enrollment settings, the user will be prompted to install a profile containing the CA certificate before they install the MDM profile.
    The user must follow the onscreen instructions to install the CA certificate. After the CA certificate is installed, the user must return to Safari to install the MDM profile.

  5. When prompted, the user must enter their Managed Apple ID email address to download their MDM profile.

  6. A "Profile Downloaded" dialog will be displayed. The user must click Close.

  7. In the Settings app, the user clicks Enroll in [Your Organization Name] to continue and follow the onscreen enrollment prompts. The user will be required to authenticate using the same Managed Apple ID that they entered earlier. If the user authenticates using a Managed Apple ID that does not match the one entered prior to downloading the MDM profile, the enrollment will fail and the user must restart the enrollment process from the beginning.

    For more information on the sign-in process for User Enrollment, see User Enrollment into MDM in Apple's Deployment Reference for iPhone and iPad.

    Important: The user has eight minutes to install the enrollment profile before iOS discards the profile. If this occurs, the user must restart the enrollment process from the beginning.

  8. When the user returns to the Safari web browser, the following message will be displayed indicating that the device is enrolled with Jamf Pro.


© copyright 2002-2021 Jamf. All rights reserved.