Uploading a Configuration Profile

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0

You can upload a complete configuration profile (.mobileconfig) directly to Jamf Pro.

Note:

  • If the <UUID> (universally unique identifier) field of a configuration profile matches an existing configuration profile in Jamf Pro, the profile cannot be uploaded.

  • Some payloads and settings configured with third-party software are not displayed in Jamf Pro. Although you cannot view or edit these payloads, they are still applied to the deployment targets.

You can upload signed or unsigned configuration profiles:
Type of ProfileConsiderations
Signed

Signed configuration profiles are not modified during the import or deployment processes. If the <PayloadType> or specific <key> values in the profile are unknown to Jamf Pro, those values will not display in the Jamf Pro interface but should install correctly.

After uploading a signed configuration profile, Jamf Pro will alert administrators that the profile is read-only and cannot be edited unless the signature is removed. If you click Remove Signature, Jamf Pro will attempt to import the contents of the profile and allow administrators to edit it.

Note:

Signed configuration profiles cannot use configuration profile variables available in Jamf Pro.

You can create a signing certificate using Jamf Pro's built-in certificate authority (CA). This enables you to sign profiles using Jamf Pro. Configuration profiles can be signed using the certificate of your choice, but creating a signing certificate generated by the Jamf Pro CA provides the following benefits:

  • Marks the custom configuration profiles as trusted since managed devices have established trust with the Jamf Pro built-in CA

  • Ensures the custom configuration profile displays the same organization name as other configuration profiles created in Jamf Pro

For step-by-step instructions, see the Creating a Signing Certificate Using Jamf Pro's Built-in CA to Use for Signing Configuration Profiles and Packages article.

Unsigned

Jamf Pro attempts to import all of the file's values to associate with known settings within the Jamf Pro console and allow further editing. If the <PayloadType> or specific <key> values in the profile are unknown to Jamf Pro, the deployed configuration profile may not contain those values or install correctly.

Note:

Unsigned profiles with payload types and key-value pairs known to Jamf Pro should deploy as intended.

  1. In Jamf Pro, click Devices in the sidebar.
  2. Click Configuration Profiles in the sidebar.
  3. Click Upload and upload the configuration profile (.mobileconfig).
  4. Use the General payload to configure basic settings for the profile, including a distribution method. If you chose to make the profile available in Jamf Self Service, choose a Security setting.
  5. Click the Scope tab and specify the devices and users to which the profile should be applied.
    Note:

    For limitations or exclusions to be based on LDAP users or LDAP user groups, the Username field must be populated in the mobile device's inventory.

  6. (Optional) If you chose to distribute the profile in Self Service, click the Self Service tab to configure Self Service settings for the profile.
  7. Click Save .

The profile is distributed to deployment targets in the scope the next time they contact Jamf Pro.