Creating an Activation Profile

Jamf Security Cloud Portal Setup Guide
Solution
Application
Jamf Connect
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

Create an activation profile to enable security capabilities and settings to deploy to devices alongside the Jamf Trust app.

Best Practice:

Considerations for Activation Profile Management

  • Use descriptive names and a consistent naming convention for all activation profiles in your environment.

  • Most activation profile settings cannot be edited after creation. To update security capabilities and settings on devices, unenroll devices by uninstalling the Jamf Trust app and deleting the device record from Jamf Security Cloud.

  • Security capabilities available during activation profile creation depend on whether your organization subscribes to Jamf Protect, Jamf Connect, or both.

Requirements

  • Familiarity with Activation Profile Settings

  • If you intend to use Jamf Connect's Zero Trust Network Access or identity-based provisioning, you must link an identity provider to your portal.

    For more information, see Linking Identity Providers (IdPs).

  • If you want to apply a Jamf-branded block page, you must enable the customized block page under Settings > Notifications > Browser Templates.

    The customized block page is only shown on proxied Apple devices that are deployed via your UEM solution. On other devices, the static block page will be shown.

  1. In Jamf Security Cloud, navigate to Devices > Activation profiles.
  2. Click Create profile.
  3. On the Capabilities and routing page, select which security capabilities you want to enable with the activation profile.

    Available capabilities depend on which security products your organization subscribes to and may include all or some of the following:

    • Network accessProvides secure access to your organization's resources using Jamf Connect's Zero Trust Network Access
    • Content controlsManages network activity using Jamf Protect's internet content filtering and usage controls
    • Network securityProtects your network connections from cyber threats
    • Employee BadgeEnables mobile devices to act as passes for accessing offices and other locations. For more information, see Technical Paper: Deploying Employee Badge for Jamf Trust.
    • Device identityEnables requirements that devices must meet to access the organizations resources. For more information, see Technical Paper: Integrating AWS Verified Access with Jamf Device Identity.
  4. (Optional) Choose a traffic vectoring option and then click Next.

    Options vary depending on which service capabilities you selected.

    • If you select Network access, WireGuard VPN is automatically used.

    • If you select both Network access and Content controls, per-site data usage MB reporting is only available with on-device content filtering.

    • If you select network access alone or alongside network security or content controls, you can use managed device attestation with network relay.

    • If you select Enable network compatibility mode, on-device content filtering will be active, but DNS-based threat prevention features (e.g., enforcement for Google Safe Search and YouTube Restricted Mode) will be disabled. Ensure your existing DNS security solutions provide adequate threat protection before using this option.

  5. On the Authentication page, configure whether users must sign-in to the Jamf Trust via your organization's identity provider to enroll devices, and then click Next.

    User credentials (SSO) is required to enable Jamf Connect Zero Trust Network Access or use identity-based provisioning.

  6. On the Advanced settings page, specify additional settings for the profile, such as the profile's expiration date.

    Available settings depend on which service capabilities you selected for the activation profile.

  7. On the Naming and grouping page, enter general information about the profile:
    1. Enter a descriptive name for the activation profile.
      Best Practice:

      Use descriptive names and a consistent naming convention for all activation profiles in your environment.

    2. Choose a device group to associate with the profile.
      Devices that use the activation profile to enroll are automatically added to this group in the Jamf Security Cloud portal.
      Note:If UEM Connect is configured, this group is overwritten during the next UEM Connect sync.
  8. On the Review page, confirm the details of the activation profile and then click Save and create.
You can now use the activation profile to enroll devices with the Jamf Security Cloud portal.

To view your activation profiles in the Jamf Security Cloud portal, navigate to Devices > Activation Profiles.

To distribute the activation profile and Jamf Trust app to devices you want to enroll, see Distribution Methods for the Jamf Trust App.