Unify Device and Identity at Onboarding with Zero-Touch Enrollment

Written by Leia Schultz on March 16, 2021

Share This Article

Does your directory solution streamline IT operations and simplify your day? Especially for administrators supporting remote employees, shouldn’t your directory make onboarding new hires easier?

Today’s launch of Zero-Touch Enrollment for Macs in the JumpCloud Directory Platform enables admins to onboard employees using Mac machines in just a few minutes — without ever touching their user’s new Mac device. The addition of Zero-Touch Enrollment for Macs demonstrates the advanced MDM functionality that JumpCloud continues to add to its cloud directory platform, making it easier to consolidate tools and use JumpCloud for all device management needs. 

With Zero-Touch Enrollment enabled from a cloud directory, organizations can reduce risk, complexity, and costs that are associated with creating identities in multiple systems and standalone device management solutions. 

A Better Way To Onboard

Without Zero-Touch Enrollment, onboarding a new employee can be time consuming for both admins and the employee. Admins need to have physical access to configure the device and they will likely use multiple tools in their IT environment to create user identities and provide users with access to corporate IT resources. 

In a pandemic-driven, remote-first world, this means a new Mac first gets mailed to the admin who configures it for the user. Once that work is done, the Mac is repackaged and shipped to the user. After it arrives, a call is typically scheduled with the end user to walk through any necessary onboarding steps and additional set up required. That’s hours of time spent configuring and onboarding. On top of that, the creation of identities in multiple tools introduces complexity, as well as potential security vulnerabilities that could put sensitive data at risk.

JumpCloud brings every step of this process into a single cloud directory platform: within the main console, admins create a single user identity and connect a user’s device to that identity. The capabilities needed to create a user identity and set up their work device are unified in one place. The addition of Zero-Touch Enrollment lets admins provide a new user with secure access to every resource needed at first login.

Step by Step: JumpCloud Zero-Touch Enrollment

Step 1: Purchase a Mac through an Apple Business or School Manager account (formerly called Apple DEP) and ship it directly to the user: with JumpCloud’s Zero-Touch Enrollment, there is no need to map a user to a serial number; instead, the device will show up in the JumpCloud directory platform with the user already bound to it.

Apple Business or School Manager account (formerly called Apple DEP)
Step 1: With the touch of a button, admins can sync all macOS laptops and workstations into JumpCloud.

Step 2: Add the new device to the appropriate device group in JumpCloud, and it will automatically receive all the right group associations during bootup, including user group settings, policies, and commands. 

JumpCloud portal zero-touch enrollment screen
Step 2: The MDM dashboard gives admins a snapshot of their current deployment status and provides configuration options.

Step 3: Create the new employee’s user identity in JumpCloud and add the user to the appropriate JumpCloud user groups so the user has access to the right resources.

user dashboard mdm jumpcloud
Step 3: Creating user identities happens in the same interface as device management.

Step 4: The new employee receives the machine and uses their JumpCloud credentials to login. This first login triggers the machine to auto configure the user account and enable the access assigned to the user. 

jumpcloud login screenshot
Step 4: When new users boot up their machine, they are prompted to log in with their JumpCloud credentials right in line with the configuration process.

Step 5: When boot up is complete, the employee logs in to the JumpCloud user portal with the right access enabled for every app included in their user groups. And, admins can give users a passwordless path into their User Portal via the JumpCloud Mac App to make it even easier for employees to safely access work applications.

jumpcloud applications
Step 5: Once configured, users can immediately access their provisioned applications via the desktop tray app.

This standard Zero-Touch Enrollment addition to the JumpCloud directory platform makes life for admins easier and gives new employees a superior onboarding experience. JumpCloud offers more functionality to customize onboarding. We’ll cover that in part two of this series.

Try Zero-Touch Device Enrollment for Free 

Zero-Touch Enrollment in the JumpCloud Directory Platform empowers IT admins to remotely onboard and manage Mac devices, as well as give the device user access to authorized resources, without ever physically touching the machine first. Unlike other solutions, JumpCloud provides one place to control Apple MDM, identity management, and any Mac, Windows, or Linux devices to reduce your vendor footprint and complexity. 

Try it out for yourself: Set up a JumpCloud Free account in minutes to evaluate the full platform with up to 10 users and 10 devices. You’ll also have 24×7 premium chat support for your first 10 days in action as a JumpCloud Admin.

Leia Schultz

Leia is a product marketing manager at JumpCloud who focuses on the insights and device management products in the Directory Platform. A native Boulderite, she can be found frequenting local breweries, OZO coffee shops, and hot sauce suppliers, and enjoys seasonal outdoor activities like camping, biking, and skiing (which are all better when partnered with beer, coffee, and hot sauce).

Continue Learning with our Newsletter