.png)
The MDM-Prestage-User-Enrollment workflow is designed to minimize work for JumpCloud admins. JumpCloud admins can leverage Apple Automated Enrollment, MDM and JumpCloud to provision devices during device enrollment.
With the aim to Make Work Happen™, the MDM-Prestage-User-Enrollment workflow offers JumpCloud and MDM admins a true zero-touch enrollment experience.
An implementation of the MDM-Prestage-User-Enrollment workflow allows JumpCloud admins to deploy company-owned, MacOS computers to employees around the globe before ever opening the box.
If you have been using this tool in previous versions of macOS, please note that the default version of openssl on mac has changed. The latest version of this script was updated to support Ventura's version of LibreSSL. Please merge your changes from this release into your script if you wish to continue using this script on Ventura systems.
With other MDM vendors taking advantage of SSO authentication during enrollment, it's unlikely this script has much of a use case nor will it see much future development. As is the case with JAMF, enabling JumpCloud SSO authentication during enrollment will assign the first user of the system to be the username of JumpCloud user who authenticated during enrollment (assuming your usernames match the email convention i.e. username = username & email = username@domain.com).
This workflow essentially negates the need for the entirety of this script.
A post enrollment script can be used then to:
- Install the JumpCloud Agent Silently
- Search JumpCloud users by username on system
- Assign the authenticated user to the system
Apple Automated Deployment (formally, and more commonly known as DEP) enables admins to build Zero-Touch workflows for their employees. A Mobile Device Management Server (MDM) is leveraged to pass configuration settings and an enrollment interface to Apple MacOS computer. Apple and a MDM verify that the MacOS device is under your organizations purview. JumpCloud verifies the identify of a user during enrollment and activates their account on currently enrolled MacOS computer.
During enrollment, existing or pending JumpCloud users are asked to prove their identity. A user who authenticates successfully is provisioned with an account from JumpCloud. Existing users can retain their JumpCloud credentials, new users are prompted to create their password during enrollment
The MDM-Prestage-User-Enrollment workflow is designed to empower admins to automate their enrollment process.
Continue to the project wiki to start building your own Zero-Touch workflow. Check out our webinar on MDM Prestage User Enrollment for more information.