User Enrollment for Personally Owned Mobile Devices

You can allow users to enroll personally owned mobile devices with Jamf Pro by having them log in to an enrollment portal where they are prompted to install the MDM profile and certificates.

Note: Jamf Pro supports Account-Driven User Enrollment. This enrollment method redirects the user to the enrollment portal where they are prompted to install the MDM profile on their device after they authenticate to their device with a Managed Apple ID. Because this enrollment method is initiated when the user signs in with the Managed Apple ID, you do not have to provide users with the enrollment URL to direct them to the enrollment portal. For more information, see Account-Driven User Enrollment for Personally Owned Mobile Devices.

Disclaimer: Personal device profiles have been deprecated and are no longer recommended as a method of enrolling personally owned devices. User Enrollment is the Apple-preferred method for enrolling personally owned devices in a Bring Your Own Device (BYOD) program. For information on enrolling personally owned iOS or iPadOS devices with Jamf Pro, see the Building a BYOD Program with User Enrollment and Jamf Pro technical paper. For legacy documentation about Personal Device Profiles, see version 10.27.0 or earlier of the Jamf Pro Administrator's Guide.

General Requirements

To allow personally owned mobile devices to be enrolled with user-initiated enrollment, you need:

Providing an Enrollment URL to Users

To direct users to the enrollment portal, you need to provide them with the enrollment URL. The enrollment URL is the full URL for the Jamf Pro server followed by “/enroll”. For example:

  • https://instancename.jamfcloud.com /enroll (hosted in Jamf Cloud)

  • https://jamf.instancename.com:8443/enroll (hosted on-premise)

You can provide the enrollment URL to users in the way that best fits your environment.

Note: Users must use Safari to access the enrollment URL.

Users can log in to the enrollment portal using an LDAP directory account or a Jamf Pro user account. When a user logs in with an LDAP directory account, user and location information is submitted to Jamf Pro during enrollment. When a user logs in with a Jamf Pro user account, it allows an LDAP user to be assigned to the mobile device.

Related Information

For related information, see the following sections in this guide:

For related information, see the following sections in Apple's Mobile Device Management Settings:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.