Jamf Pro's user-initiated enrollment settings configure enrollment restrictions, workflows, and user experience for devices.
- In Jamf Pro, click Settings in the sidebar.
- In the Global section, click User-initiated enrollment .
- Click Edit .
- Use the General tab to configure settings for restricting re-enrollment, skipping certificate installation, or uploading a third-party signing certificate to be used during enrollment.Note:
The certificate installation step is skipped by default.
- Use the Messaging tab to customize the text displayed on devices during enrollment.
You can configure text for multiple languages.
- To add a language, click +Add Language and then choose the language from the Language pop-up menu. To customize an existing language, click Edit .Note:
English is the default language if the device does not have a preferred language set on it.
- In the Page Title for Enrollment field, enter a page title to display at the top of all enrollment pages.
- Use the Login Page Text field to add custom messaging.
- Use the rest of the Language dialog to further customize settings such as Login and Device ownership messaging.
For more information see User-Initiated Enrollment Messaging Settings.
- Click Save.
- To add a language, click +Add Language and then choose the language from the Language pop-up menu. To customize an existing language, click Edit .
- Use the Computers tab to enable user-initiated enrollment and configure the management account for Mac computers.Warning:
Do not use the same username for the managed local administrator account created in user-initiated enrollment settings and a managed local administrator account created in a PreStage enrollment. If the same username is used for both, those accounts may not be created correctly during Automated Device Enrollment, and unexpected errors may occur. In addition, the password for the local administrator password solution (LAPS) will not be retrievable in the Jamf Pro API.
- Use the Devices tab to enable account-driven User Enrollment (user-initiated enrollment using a Managed Apple Account) for mobile devices.Note:
If you have personally owned devices currently enrolled in Jamf Pro using a Personal Device Profile, enabling account-driven User Enrollment does not remove them from management.
- Use the Access tab to specify whether an LDAP group has access to enroll devices using an enrollment URL without an invitation.
When sites are defined in Jamf Pro, you can choose a site to display to LDAP user groups during enrollment.
Note:If an LDAP user belongs to more than one LDAP user group in Jamf Pro, the user will have the option to select the sites you assign to each group that user belongs to.
- Click Save .