Enroll MacOS Devices with User Approval

If your devices were not added to your Apple Business Manager (ABM) or Apple School Manager (ASM) account, you cannot use Apple’s Automated Device Enrollment to enroll devices. You can instead enroll those devices with user approval by following the procedures below. These procedures do not use Apple's Automated Device Enrollment. 

Note:

If you use macOS 11.0 (Big Sur) or later and your device was not enrolled via Automated Device Enrollment, then you must manually download your organization's MDM enrollment file, distribute it, and install it as described below. If you use macOS 10.15 (Catalina) or earlier and your device was not enrolled in Automated Device Enrollment, you can use a policy to create, distribute, and install an MDM enrollment file. See Create a Mac MDM Enrollment Policy.

To enroll a device with user approval, you’ll need to download and distribute your organization’s JumpCloud MDM enrollment profile file. Enrollment profiles aren't device-specific, and you can download the profile file using a link on a device's JumpCloud MDM tab. The disadvantage of enrolling devices with this method is that the process can be time-intensive and might require physical access to the machine.

Tip:

If your macOS devices were added to ABM or ASM, you can use Automated Device Enrollment to enroll those devices in MDM.

Perform these steps to enroll a device without using Automated Device Enrollment:

  1. Download your organization's MDM enrollment file.
  2. Distribute the enrollment file and install it on each user's device. This action also installs the JumpCloud agent.
  3. Bind a device to the user.

Prerequisites:

Tip:

Tip: If you have already installed the JumpCloud agent on a macOS device, you can create a JumpCloud enrollment profile to enroll the device in MDM without manually distributing the policy. See Create a Mac MDM Enrollment Policy. Then, you’ll need to bind the device to a user as described below.

Downloading Your Organization’s MDM Enrollment File

To download your organization’s enrollment profile:

Completing this task gives you an enrollment profile that you will use to enroll devices.

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. Go to DEVICE MANAGEMENT > MDM.
  3. On the Home Page under MDM Configuration, click download profile. You can download the enrollment profile directly to each device or download the file and distribute it to multiple devices.
  4. Click Save.

After you download the enrollment profile, you’ll distribute and install it on the devices you want to manage. Installing the enrollment profile also installs the JumpCloud agent. 

Distributing and Installing the Enrollment Profile

To distribute and install the enrollment profile:

  1. Distribute (either through email or a physical transfer) the enrollment profile file to each user. The user must have admin privileges on the device. If you email the enrollment profile file to users, note that JumpCloud enforces settings that are applied to a device and not a specific user. When transferring files physically, USB ports can be disabled by a policy, so check your policies in the JumpCloud Admin Portal if you are using this method. 
  2. Users install the enrollment profile on their devices and then approve the enrollment profile. See Create a Mac MDM Enrollment Policy. The settings in the enrollment profile are enforced on each device regardless of who uses it. Verify that the user is on the device you want to manage when the user installs and approves the enrollment profile. 
  3. After the user installs the profile, the user must log out of the device and log back in (or lock and unlock the device). This action creates the service account on the macOS device.

Binding a Device to the User

To bind a device to a user:
The local username on the device must exactly match the JumpCloud username. See Take Over an Existing User Account with JumpCloud.

  1. Verify that the service account was created for the macOS device. See Install and Use the Service Account for MacOS.
  2. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  3. Go to USER MANAGEMENT > Users.
  4. Select a user.
  5. Select the Devices tab and select the device that you want to bind to this user.
  6. To bind the user to a device, click save user
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case