Deploying Jamf Connect via Automated Device Enrollment

Jamf Connect Documentation
Solution
Application
Jamf Connect
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US
Use a PreStage enrollment in Jamf Pro to deploy your Jamf Connect PKG, configuration profiles, and packages of custom files and images to new computers during Automated Device Enrollment.
Requirements
Note:

If you're deploying only one configuration profile, complete this workflow, then follow the steps in the Best Practice: Deploying only one Configuration Profile note below.

  1. In Jamf Pro, click Computers in the sidebar.
  2. Click PreStage Enrollments in the sidebar.
  3. Click New .
  4. Configure the following PreStage enrollment payloads:

    General

    • Configure basic settings for the PreStage enrollment and customize the user experience of the Setup Assistant.

      Note:

      To ensure Jamf Connect is installed before the login window loads, do not skip all the Setup Assistant steps. Jamf recommends adding one or more steps (e.g., Privacy).

    • If your Jamf Pro environment requires authentication from an LDAP server, select Require Authentication.

    • If you are using Enrollment Customization configuration to enroll users and create local accounts with Jamf Connect, add your pre-configured Enrollment Customization configuration. For more information about using Enrollment Customization with Jamf Connect, see the Managing Jamf Connect and Enrollment Customization with Jamf Pro technical paper.

    Account Settings

    • Select Create a managed local administrator account before Setup Assistant and configure the credentials to be used for the local administrator account.

    • Select Skip Account Creation. Jamf Connect will create a local user account on the computer.

    Configuration Profiles

    Select the configuration profiles you created for Jamf Connect.

    Enrollment Packages

    Select the Jamf Connect PKG and the PKG with your custom files that you previously uploaded to your Jamf Pro cloud distribution point. Select the Self Service+ PKG if you plan to distribute it alongside Jamf Connect to prevent any issues. For more information, see Self Service+ Deployment.

    Note:

    Packages with higher priority install first. Multiple packages with the same priority install in alphabetical order based on the package name.

  5. Click the Scope tab and configure the scope.

    The computers listed on the Scope tab are the computers that are associated with Automated Device Enrollment via the server token file (.p7m) you downloaded from Apple. You can use the Select All button to add all associated computers to the scope. This adds all computers associated with Automated Device Enrollment via the server token file regardless of any results that have been filtered using the Filter Results search field. The Unselect All button removes all associated computers from the scope.

    Note:

    If you want to automatically add computers to the scope as they become associated with the Automated Device Enrollment instance, select the Automatically assign new devices checkbox in the General payload.

  6. Click Save .

Computers in the scope will now be enrolled using the PreStage enrollment.

Best Practice:

Deploying Jamf Connect settings in one configuration profile

If all your Jamf Connect settings are deployed with one configuration profile, follow these steps, which ensure that computers in your PreStage enrollment are also in the scope of the Jamf Connect configuration profile.

  1. In Jamf Pro, clickComputers > Smart Computer Group in the sidebar.

  2. Click New.

  3. Enter a Display Name for the smart computer group, such as Jamf Connect PreStage Enrollments.

  4. Click the Criteria tab then click Add (+).

  5. Click the Show Advanced Criteria Show Advanced Criteria button then scroll down to Enrollment Method:PreStage Enrollment and click Choose.

  6. Click the ellipses (...) and select the Jamf Connect PreStage enrollment you created in the workflow above.

  7. Click Add (+).

  8. Click Save.