Creating a Configuration Profile using Jamf Pro
You can use Jamf Pro to create a computer configuration profile that configures Jamf Connect settings with the Application & Custom Settings payload. This payload allows you to select Jamf Connect preferences, automatically generate a PLIST file, and configure the scope. Jamf Pro can use configuration profiles created in this way to automatically deploy and update Jamf Connect.
Depending on which components of Jamf Connect you plan to use, you must configure settings for the following Jamf application domains:
- com.jamf.connect—
Includes all settings for the Jamf Connect menu bar app
- com.jamf.connect.login—
Includes all settings for the Jamf Connect login window
-
You can configure multiple Application & Custom Setting payloads in a single configuration profile. This allows you to configure multiple preference domains in a single configuration profile.
-
You can split your Jamf Connect settings into multiple configuration profiles written to the same preference domains. This allows you to easily add or remove a subset of Jamf Connect settings (e.g., enrollment-only settings).
Configuring Enrollment-only Settings
Best practice workflows cover common scenarios; however, the following recommendations may not apply in your environment.If you plan to configure Jamf Connect settings that should only be used during enrollment, you can create a separate configuration profile for these settings. Common settings include the following:
-
Acceptable use policy settings
-
Notify screen script
-
authchanger command-line arguments that enable the Notify screen
Create a configuration profile that includes the following Application & Custom Settings payloads:
-
Configure the
com.jamf.connect.login
preference domain with enrollment-only settings. -
If your organization uses the Notify screen, configure the
com.jamf.connect.authchanger
preference domain to enable the Notify screen after Jamf Connect is installed.
-
Jamf Pro 10.18.0 or laterNote:
If you plan to deploy Jamf Connect with a PreStage Enrollment, your configuration profile must be signed.
-
Integration with a cloud identity provider (IdP)
-
Familiarity with your IdP's minimum authentication settings
Your configuration profiles are distributed to target computers when they check in with Jamf Pro. If you configure deployment and update settings for the newly created profile, Jamf Pro will install or update Jamf Connect on target computers accordingly.