Computer PreStage Enrollments

A PreStage enrollment allows you to store enrollment and OS X computer setup settings in the JAMF Software Server (JSS) and use them to enroll new OS X computers with the JSS. This reduces the amount of time and interaction it takes to prepare OS X computers for use.

Before you can use a PreStage enrollment, you need to integrate the JSS with the Device Enrollment Program (DEP). This creates an instance of DEP in the JSS. (For more information, see Integrating with the Device Enrollment Program.) Only computers associated with a DEP instance can be enrolled with the JSS using a PreStage enrollment.

After creating a DEP instance, you need to create a PreStage enrollment in the JSS for the computers you want to enroll. Creating a PreStage enrollment allows you to configure the enrollment settings and customize the user experience of the Setup Assistant. You can also specify the computers that should be enrolled using the PreStage enrollment. In addition, you can specify that computers newly associated with the DEP instance be automatically added to the PreStage enrollment.

You can require users to authenticate during computer setup using an LDAP directory account or a JSS user account. If users authenticate with an LDAP directory account, user and location information is submitted during enrollment.

When computers with OS X v10.10 or later are enrolled using a PreStage enrollment, they are also automatically managed if user-initiated enrollment is enabled for OS X in the JSS. When enabled, User-Initiated Enrollment settings apply to computer PreStage enrollments, including management account and QuickAdd package settings, and whether to automatically launch Self Service. (For more information, see User-Initiated Enrollment Settings and Installing Self Service on Computers.)

Computers with OS X v10.9 or earlier (and computers with OS X v10.10 or later if user-initiated enrollment is not enabled) can be managed using one of the following methods after they are enrolled with the JSS using a PreStage enrollment:

Requirements

To enroll a computer using a PreStage enrollment, the computer must be connected to the Internet during the Setup Assistant.

To require LDAP users or JSS users to authenticate during mobile device setup, you need an LDAP server set up in the JSS. (For more information, see Integrating with LDAP Directory Services.)

Configuring a Computer PreStage Enrollment

  1. Log in to the JSS with a web browser.

  2. Click Computers at the top of the page.

  3. Click PreStage Enrollments.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click New images/download/thumbnails/12977030/New_icon.png .

  5. Use the General payload to configure basic settings for the PreStage enrollment and customize the user experience of the Setup Assistant.
    To customize the user experience of the Setup Assistant, select which steps you want to skip in the Setup Assistant. If you choose to skip steps, the user can enable these settings after the computer is configured unless otherwise restricted.

  6. (Optional) Use the Account Settings payload to specify the accounts to create for computers with OS X v10.10 or later if they are enrolled via a PreStage enrollment and user-initiated enrollment for OS X is enabled in the JSS.
    Note: If a computer is not bound to a directory service, only the management account and the first local administrator account created for that computer can log in to the computer.

  7. (Optional) Use the User and Location payload to specify user and location information for the computers.
    This information is stored in the JSS for each computer enrolled using a PreStage enrollment.
    Note: The User and Location Information payload is only displayed if the Require Authentication checkbox is not selected.

  8. (Optional) Use the Passcode payload to specify passcode requirements for the computers.

  9. (Optional) Use the Purchasing payload to specify purchasing information for the computers.
    This information is stored in the JSS for each computer enrolled using a PreStage enrollment.

  10. (Optional) Use the Attachments payload to upload attachments to store for computers.
    This information is stored in the JSS for each computer enrolled using a PreStage enrollment.

  11. If the SSL certificate you are using is signed by an external CA (your organization's CA or a trusted third-party CA), use the Certificates payload to upload a certificate for the CA that you want computers to trust at enrollment.
    Note: The anchor certificate is only displayed if the SSL certificate you are using is signed by the JSS’s built-in CA.

  12. (Optional) Use the Directory payload to choose a directory server for the computers.

  13. Click the Scope tab and configure the scope of the PreStage enrollment by selecting the checkbox next to each computer you want to add to the scope.
    The computers listed on the Scope tab are the computers that are associated with the Device Enrollment Program (DEP) via the server token file (.p7m) you downloaded from the Apple Deployment Programs website.
    Note: If you want to add computers to the scope automatically as they become associated with the DEP instance, select the Automatically assign new devices checkbox in the General payload.

  14. Click Save.

Refreshing PreStage Enrollment Information

The JSS allows you to manually refresh information about the computers in the PreStage enrollment as needed.

  1. Log in to the JSS with a web browser.

  2. Click Computers at the top of the page.

  3. Click PreStage Enrollments.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click the PreStage enrollment you want to refresh.

  5. Click Refresh.

If there is updated information about the computers in DEP, this information is displayed in the JSS.

Cloning, Editing, or Deleting a PreStage Enrollment

  1. Log in to the JSS with a web browser.

  2. Click Computers at the top of the page.

  3. Click PreStage Enrollments.
    On a smartphone or iPod touch, this option is in the pop-up menu.

  4. Click the PreStage enrollment you want to clone, edit, or delete.

  5. Do one of the following:

    • To clone the PreStage enrollment, click Clone and make changes as needed. Then click Save.
      Note: Computers added to the scope of a PreStage enrollment are not cloned when cloning the PreStage enrollment.

    • To edit the PreStage enrollment, click Edit and make changes as needed. Then click Save.

    • To delete the PreStage enrollment, click Delete. Then click Delete again to confirm

Related Information

For related information, see the following section in this guide:

Integrating with the Device Enrollment Program
Find out how to configure an instance of DEP.

Copyright | Privacy | Terms of Use | Security
Copyright JAMF Software, LLC 2016