Enrolling iPads into the JAMF Casper MDM solution is done through Apple Configurator, messages or using links deployed to iOS devices as web clips. When doing larger deployments the enrollment process can be automated so that devices are automatically enrolled into Casper MDM when they are set up using an Enrollment Profile that is manually downloaded from Casper and deployed to device. Additionally, a certificate can be needed if the certificate is not included in the profile, an option available as a checkbox in the setup. While you hopefully won’t need to download the certificate, we’ll start there:
Obtain the Certificate for the JSS Server
To obtain the trust certificate from the JSS Server:
Download the Enrollment Profile
- Open the web interface for the JSS.
- When prompted to trust the certificate, click on the disclosure triangle and then the checkbox to trust the cert, providing the administrative credentials when prompted.
- Open Keychain Utility.
- Click in the search field.
- Search for JSS.
- Control-click on the name of your server’s “Built-in Certificate Authority” entry.
- Choose the option to Export.
- When prompted, provide a name for the certificate in the Save As fiel.
- Choose a location to save the certificate to using the Where field.
- The .cer format is sufficient for our purposes.
- Click Save.
To download an enrollment profile from Casper MDM:
- Log into the web interface of the JSS.
- Click on the link for Mobile Device Enrollment
- At the Mobile Device Enrollment Invitations screen, click on the Enrollment Profiles tab.
- At the Enrollment Profiles screen, click on Download for the appropriate profile (for most environments there should only be one)
- Once the profile is downloaded, it will automatically attempt to enroll the computer you are downloading it from in the Profiles System Preferences pane.
- Click on Cancel.
- Click on the downloads link in Safari.
- Click on the magnifying glass icon to see the .mobileconfig file.
You have now downloaded the .mobileconfig file that will enroll devices into Casper MDM.
Add the Profile To Apple Configurator:
To deploy the profile through Apple Configurator:
Deploy The Casper MDM Enrollment Profile Through Apple Configurator
- Open Apple Configurator on the client computer.
- Click on Prepare in the row of icons along the top of the screen.
- Drag the profile (by default currently called MDM-iOS5.mobileconfig) from the Finder into the list of Profiles.
- The profile then appears in Apple Configurator (in this example, called MDM-iOS5).
Once the profile is installed in Apple Configurator, let’s deploy it. In this example, don’t configure any other options. To deploy:
- Set the name to be blank, numbering should be disabled, Supervision should be off, iOS should be set to No Change, “Erase before installing” should be unchecked, Don’t Restore Backup should be set in the Restore field.
- Check the box for the newly added profile (MDM-iOS5 in this example).
- Click on the Prepare button.
- At the “Are you sure you want to apply these settings to all USB-connected devices?” screen, click on the Apply button.
- The subsequent screen shows when devices are being configured. Here, dock the device to receive the profile (note, all docked iOS devices are going to be configured with this profile).
- Once the device is connected, the profile will begin to install. You are then prompted to “Tap device to install profile”.
- On the device, tap on the Install button.
- At the Warning screen, tap Install.
- Once the Profile is installed, tap Done.
- You have now been enrolled.
If you then wish to unenroll, simply remove the profiles by tapping on profiles and then tapping on the Remove button. Per the MDM API, a user can elect to remove their device from management at any point, so expect this will happen occasionally, even if only by accident.
krypted August 8th, 2012
Posted In: iPhone, Mass Deployment
Apple Configurator, automate enrollment, CA, Casper, casper suite, enroll, export certificate, iPad, iPhone, ipod touch, JAMF, JSS, keychain utility, mass enrollment, mdm, mobile device management, trust