PreStage Panes are groups of settings that customize the screens that display during Automated Device Enrollment with Jamf Pro. The PreStage Panes display during the Setup Assistant after the user chooses a Wi-Fi Network or another internet connection.
- Single Sign-On Authentication
If you have Single Sign-On enabled in Jamf Pro, this pane automatically prompts users to sign in using organization SSO credentials to enroll the computer. Your existing Jamf Pro SSO settings are used, and can allow any Identity Provider (IdP) user to sign-in and enroll or only a select group of users in your IdP.
Note:You can only allow access to one group.
Users are assigned to the device in Jamf Pro after sign-in. If Directory Service is integrated with Jamf Pro, the User and Location information is populated using a lookup from Jamf Pro to Directory Service. If Directory Service is not integrated with Jamf Pro, the Username field is the only information populated in the User and Location category, and user lookup will not work during enrollment.
If your organization uses Jamf Connect for local account creation, you can enable the Enable Jamf Pro to pass user information to Jamf Connect setting. This allows Jamf Pro to pass the SAML token attributes to Jamf Connect to use to create the user's local account name and full name on the computer. This workflow requires additional attribute mapping to confirm that the attribute values sent in a SAML token from your IdP contain the correct values for local account creation. For more information, see the Managing Jamf Connect and Enrollment Customization with Jamf Pro technical paper.
Jamf Pro creates a profile with this information and distributes the profile to the computer during enrollment. This information remains on the computer for up to one hour.
- Text
You can enter custom text to display to the user during enrollment, such as an acceptable use policy. You can enter page title and label names for the navigational buttons on-screen.
You can enter text in plain text format or use Markdown in the text body to customizing the text format. See the Using Markdown to Format Text article for information on limitations to the Markdown syntax that can be used in this pane.
Note:HTML is not supported.
You can configure multiple Text PreStage Panes to suit your environment.
After you add a Text pane, you can preview the user experience in Jamf Pro.
- Directory Service Authentication
If you have a Directory Service server set up in Jamf Pro, this pane enables the user to authenticate using their Directory Service credentials during enrollment. You must enter text for a title of the page, text for the username and password fields, and text to label the navigational buttons to guide the user through the login screen.
In addition, you can restrict enrollment access to only a select Directory Service group or groups. Only the selected Directory Service group is allowed to enroll devices using the PreStage enrollment. You can add multiple Directory Service groups to the pane to suit your environment.
This automatically assigns the user to their device in Jamf Pro. The User and Location information is populated using a lookup from Jamf Pro to Directory Service.
Note:You can only add one Directory Service Authentication pane per Enrollment Customization configuration, and you cannot add a Directory Service Authentication pane if a Single Sign-On Authentication pane already exists in the Enrollment Customization.