By Zach DeMeyer Posted April 11, 2019
What is the definition of zero-touch deployment for Macs®? As Apple® macOS® systems continue to infiltrate the enterprise, IT admins are looking for the most efficient way to onboard their Mac users and secure their identities. In an ideal world, an end user could take their Mac machine out of its box and be instantly ready to get to work. Well, that’s exactly how zero-touch deployment for Macs works, and it’s now available using JumpCloud® Directory-as-a-Service® and select MDM (mobile device management) platforms that support integration with JumpCloud LDAP.
What is a Zero-Touch Deployment?
“Zero-touch” is a term used to describe the transformation of a manual IT process into a fully automated workflow. For Mac admins, preparing macOS devices for employees is tedious and time-consuming, and configuring a zero-touch workflow can radically disrupt that process.
As a whole, zero-touch deployments eliminate the commodity workload associated with preparing and configuring machines for end users. Admins can reduce their overall workload and delight their new employees by leveraging the JumpCloud directory in conjunction with an MDM platform.
Zero-Touch with JumpCloud
Zero-touch deployment for Mac starts when an IT admin uses Apple Device Enrollment (formerly DEP) to register their Mac system’s serial number in an MDM solution that supports LDAP. JumpCloud works in cooperation with DEP and the MDM to authenticate users to the MDM profile installation during the native Mac startup process. Doing so averts potential organizational security issues, such as Apple ID or MDM profile hijacking.
All of the above processes go to work as soon as the user logs into their system for the first time using a set of valid JumpCloud credentials. In essence, this means admins no longer need to boot up Macs to prepare them for onboarding end users. Admins can drop-ship machines to end users and, once users receive their machine, they can simply take it out of the box, turn it on, and instantly access all of their IT resources with a single credential.
To implement zero-touch in your JumpCloud environment, you first need an Apple DEP account and an MDM that supports integration with JumpCloud LDAP for MDM profile authentication. JumpCloud’s Directory-as-a-Service integrates with most MDM solutions, but currently Jamf Pro and Workspace One are the two that cooperate best with regard to zero-touch deployment for Macs, with others under assessment.
The linked GitHub tutorials above define the steps admins can take within their chosen MDM to automatically download the JumpCloud system agent to machines and automatically associate users to their systems in JumpCloud. By associating users to systems in JumpCloud, admins can take advantage of all the benefits and security of JumpCloud’s Directory-as-a-Service, and ensure that end users can leverage a single set of credentials to access all of their IT resources.
Admins use JumpCloud’s LDAP-as-a-Service to authenticate user identities to their MDM profile. The MDM then uses Apple DEP to deliver the MDM profile and kick off the onboarding process, which includes installation of the JumpCloud agent. Admins can then add JumpCloud authentication and automate user-to-system association in their MDM payload, completing their zero-touch user onboarding workflow.
Not a JumpCloud Customer?
If you are not a JumpCloud customer, but are interested in zero-touch deployment for Macs, consider trying JumpCloud today. A JumpCloud account is completely free, and includes ten permanent free users to get you started. If you have any questions about zero-touch Mac deployment with JumpCloud, please contact us.