When a user accesses an enrollment URL, they are guided through a series of steps to enroll the computer. The enrollment steps vary depending on the version of macOS installed on the computer. The text in the images below may vary depending on if the text or languages are customized with Jamf Pro's user-initiated enrollment settings.
- The user is prompted to log in with either their directory credentials or a Jamf Pro user account with user-initiated enrollment privileges. Directory credentials may include one of the following authentication types:
LDAP
Single sign-on (SSO)
Cloud identity provider (IdP)
After entering their credentials, the user must click Log In. If the credentials are entered via the Jamf Pro log in page, the user must click Log In. If the user is authenticating via a single sign-on provider, the user will be redirected to their organization's login page.
The login prompt is not displayed if the enrollment portal was accessed via an enrollment invitation in which the Require Login option is disabled.
- Users who authenticated using a Jamf Pro user account and users who accessed the enrollment portal via an invitation for which the option is disabled see an "Assign to user" dialog.
- An LDAP or Cloud Identity Provider user may optionally be linked to the enrolling computer by performing a search in the field in this dialog. The user must enter their username and click the magnifying glass icon to search for a match in the LDAP or Cloud Identity Provider directory.
- If a matching user is found, a checkmark will be displayed at the end of the text field. The user can click Enroll to continue with enrollment, and the computer will be associated with their username.
- If the user is not found, an X is displayed at the end of the text field. The user can leave the Assign to user field blank and then click the Enroll button to continue enrollment without associating the computer to a user.Note:
To assign a user to a device, the Jamf Pro user account must have the "Assign Users to Computers" privilege.
- If prompted to select a site, the user may choose a site to associate their computer with. This will apply the appropriate site settings as defined by your organization to the computer.
- If a matching user is found, a checkmark will be displayed at the end of the text field. The user can click Enroll to continue with enrollment, and the computer will be associated with their username.
- (Optional) If the user signed in with a directory user and the text for an End User License Agreement (EULA) was entered in Jamf Pro, the user must accept the EULA to continue.
- (Optional) If the user-initiated enrollment settings are set with the Skip certificate installation during enrollment checkbox deselected, the user is prompted to install a profile containing the CA certificate before they install the MDM profile.
The user must follow the onscreen instructions to install the CA certificate. After the CA certificate is installed, the user must return to their web browser to install the MDM profile and complete enrollment.
Note:If your Jamf Pro instance is hosted on-premise, computers with macOS 13 or later do not automatically trust certificates from manually installed configuration profiles. Users must open Keychain Access, double-click your organization's JSS Built-in CA Certificate, and trust the certificate. For instructions, see Change the trust settings of a certificate in Keychain Access on Mac from the Keychain Access User Guide.
- When prompted, the user must click Continue to download and install the MDM profile.
- When the user returns to the web browser, the following message will be displayed indicating that the computer is enrolled with Jamf Pro.
