{"id":115479,"date":"2024-10-30T16:31:50","date_gmt":"2024-10-30T20:31:50","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=115479"},"modified":"2025-02-07T10:00:20","modified_gmt":"2025-02-07T15:00:20","slug":"configure-account-driven-enrollment","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment","title":{"rendered":"Configure Account-Driven Enrollment"},"content":{"rendered":"\n<p>This article explains how to enable and configure account-driven user enrollment within the JumpCloud Admin Portal. You must configure enrollment before users are able to enroll their iOS and iPadOS devices to be managed by your organization.<\/p>\n\n\n\n<p>Account-driven enrollment is the preferred method for enrolling Apple iOS\/iPadOS devices into JumpCloud MDM. With this method, end users can enroll their devices directly by using a Managed Apple Account provided by your organization instead of downloading a profile from an external link or scanning of a QR code in the JumpCloud User Portal.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>This process must be used for all devices running iOS\/iPadOS 18 or later. Profile-based user enrollment, where the user downloads a configuration profile onto their device, will fail for personal device enrollments on devices running iOS\/iPadOS 18 or later.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Account-driven user enrollment is supported on iOS\/iPadOS 15 and later.<\/li>\n\n\n\n<li>Account-driven user enrollment on macOS and visionOS is not supported in JumpCloud at this time.<\/li>\n\n\n\n<li>Account-driven device enrollments are not supported in JumpCloud at this time.<\/li>\n<\/ul>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Users must have a Managed Apple Account (formally known as Managed Apple ID, or MAID) associated with their JumpCloud user account. Jump to <a href=\"#creating-managed-apple-accounts\">Creating Managed Apple Accounts<\/a><\/li>\n\n\n\n<li>Your Apple Business Manager must be configured correctly to validate that the Apple account used to sign in to iCloud is managed by your organization.\n<ul>\n<li>In Apple Business Manager, go to <strong>Access Management<\/strong> &gt; <strong>Apple Services<\/strong> and set <strong>Allow Managed Apple Account<\/strong> to <strong>Any<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-creating-managed-apple-accounts\">Creating Managed Apple Accounts<\/h2>\n\n\n\n<p>First, create Managed Apple Accounts either through federated authentication between Apple and your identity provider (Google Workspace, Microsoft Entra ID, or other)*, or manually in Apple Business Manager or Apple School Manager.<\/p>\n\n\n\n<p>*Federation between Apple and JumpCloud is in active development.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Reference the following Apple documentation on creating Managed Apple Accounts:<\/p>\n\n\n\n<ul>\n<li>(PDF) <a href=\"https:\/\/www.apple.com\/business\/docs\/site\/Overview_of_Managed_Apple_IDs_for_Business.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Overview of Managed Apple IDs for Business<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/support.apple.com\/guide\/deployment\/managed-apple-ids-depcaa668a58\/web\" target=\"_blank\" rel=\"noreferrer noopener\">Managed Apple IDs for Apple devices &#8211; Apple Support<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/support.apple.com\/en-gb\/guide\/apple-business-manager\/axmb19317543\/1\/web\/1\" target=\"_blank\" rel=\"noreferrer noopener\">Intro to federated authentication with Apple Business Manager<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/support.apple.com\/guide\/apple-business-manager\/use-managed-apple-ids-axm78b477c81\/web\" target=\"_blank\" rel=\"noreferrer noopener\">Use Managed Apple IDs in Apple Business Manager &#8211; Apple Support<\/a><\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p>After the Managed Apple Accounts are created, they need to be associated with JumpCloud user accounts.&nbsp;See <a href=\"https:\/\/jumpcloud.com\/support\/run-the-maid-import-script\">Run the MAID Import Script<\/a> for instructions.<\/p>\n\n\n\n<p>Next, set up a well-known URL on your domain. Depending on the method you choose, you will host an enrollment file at this URL directly or you will place a redirect from this URL to the JumpCloud service discovery URL.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-setting-up-a-well-known-url\">Setting Up a Well-Known URL<\/h2>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>The well-known URL must be hosted on a domain that can handle HTTP GET requests and is the same domain that your end users sign in to. This allows devices to initiate a service discovery process to retrieve the information and direct your users to the JumpCloud enrollment endpoint.<\/li>\n<\/ul>\n\n\n\n<p>On your web server, implement the following well-known URL for MDM service discovery, replacing <code>yourdomain.com<\/code> with your org&#8217;s domain:<\/p>\n\n\n\n<p><code>https:\/\/<code>yourdomain.com\/.well-known\/com.apple.remotemanagement<\/code><\/code><\/p>\n\n\n\n<p>Next, configure the redirect from this URL or host a file at this URL.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-a-redirect\">Configuring a Redirect<\/h2>\n\n\n\n<p><strong>To configure account-driven user enrollment using a redirect:<\/strong><\/p>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/login\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to <strong>DEVICE MANAGEMENT<\/strong> &gt; <strong>MDM<\/strong>. <\/li>\n\n\n\n<li>On the <strong>Apple<\/strong> &gt; <strong>Home<\/strong> tab, scroll to <strong>iOS Enrollment<\/strong>.<\/li>\n\n\n\n<li>Under <strong>Account-driven User Enrollment Configuration<\/strong>, select <strong>Redirect<\/strong>.<br><img decoding=\"async\" width=\"2384\" height=\"1502\" class=\"wp-image-116583\" style=\"width: 1200px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png 2384w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect-300x189.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect-1024x645.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect-768x484.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect-1536x968.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect-2048x1290.png 2048w\" sizes=\"(max-width: 2384px) 100vw, 2384px\" \/><\/li>\n\n\n\n<li>On your web server, define a redirect rule from the well-known URL you implemented above to the JumpCloud service discovery URL, making sure to place your JumpCloud org ID accordingly.\n<ul>\n<li>From: <code>https:\/\/yourdomain.com\/.well-known\/com.apple.remotemanagement<\/code><\/li>\n\n\n\n<li>To: <code>https:\/\/apple.mdm.jumpcloud.com\/account-driven-service-discovery?organization_id=XXXXXXXXXXXXXXX<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>The steps to configure the redirect will look different depending on your solution. Below are resources for placing a redirect with popular web servers:<\/p>\n\n\n\n<ul>\n<li>Apache: <a href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_alias.html#redirect\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Redirect Directive<\/a><\/li>\n\n\n\n<li>NGINX: <a href=\"https:\/\/nginx.org\/en\/docs\/beginners_guide.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Beginner&#8217;s Guide<\/a><\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-configuring-a-redirect-in-cloudflare\">Configuring a Redirect in Cloudflare<\/h3>\n\n\n\n<p>See <a href=\"https:\/\/developers.cloudflare.com\/rules\/url-forwarding\/single-redirects\/create-dashboard\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Cloudflare&#8217;s Create rule in the dashboard<\/a> for more information on this process.<\/p>\n\n\n\n<p><strong>To set up a redirect using Cloudflare Rules<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Log in to your Cloudflare account.<\/li>\n\n\n\n<li>Select the domain you want to redirect.<\/li>\n\n\n\n<li>From the <strong>Rules<\/strong> tab, click <strong>Redirect Rules<\/strong>.<\/li>\n\n\n\n<li>Click <strong>Create Rule<\/strong> and give the rule an descriptive name.<\/li>\n\n\n\n<li>Under&nbsp;<strong>When incoming requests match<\/strong>, select&nbsp;<strong>Wildcard pattern<\/strong>.<\/li>\n\n\n\n<li>In the <strong>Request URL<\/strong> field, enter&nbsp;<code>https:\/\/example-domain.com\/.well-known\/com.apple.remotemanagement*<\/code>&nbsp;where&nbsp;<code>example-domain.com<\/code>&nbsp;is your root domain. Remember to include the asterisk after com.apple.remotemanagement.<\/li>\n\n\n\n<li>In the <strong>Target URL<\/strong> field, enter&nbsp;<code>https:\/\/apple.mdm.jumpcloud.com\/account-driven-service-discovery?organization_id=XXXXXXXXXXXXXXXXXXXXX<\/code>&nbsp;where XXXXXXXXXXXXXXXXXXXXX is replaced with your JumpCloud Organization ID.<\/li>\n\n\n\n<li>For <strong>Status Code<\/strong>, choose 301.<\/li>\n\n\n\n<li>Leave&nbsp;<strong>Preserve Query String<\/strong> unchecked.<\/li>\n\n\n\n<li>Click <strong>Deploy<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>Once the redirect rule is active, any requests to the specified path will be redirected to the specified URL. It may take some time for the rule to take effect due to Cloudflare&#8217;s caching.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-configuring-a-redirect-in-shopify\">Configuring a Redirect in Shopify<\/h3>\n\n\n\n<p>See <a href=\"https:\/\/help.shopify.com\/en\/manual\/online-store\/menus-and-links\/url-redirect\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Shopify&#8217;s Creating and managing URL redirects<\/a> for more information on this process.<\/p>\n\n\n\n<p><strong>To set up a URL redirect in Shopify<\/strong>:<\/p>\n\n\n\n<ol>\n<li>From your Shopify admin, go to&nbsp;<strong>Settings<\/strong>&nbsp;&gt;&nbsp;<strong>Apps and sales channels<\/strong>.<\/li>\n\n\n\n<li>From the <strong>Apps and sales<\/strong> channels page, click<strong>&nbsp;Online store<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Open sales channel<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Navigation<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>View URL Redirects<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Create URL redirect<\/strong>.<\/li>\n\n\n\n<li>In <strong>Redirect from<\/strong>, enter&nbsp;<code>\/.well-known\/com.apple.remotemanagement<\/code><\/li>\n\n\n\n<li>In Redirect to, enter&nbsp;<code>https:\/\/apple.mdm.jumpcloud.com\/account-driven-service-discovery?organization_id=XXXXXXXXXXXXXXXXXXXXX <\/code>where <code>XXXXXXXXXXXXXXXXXXXXX<\/code> is replaced with your JumpCloud Organization ID.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Save redirect<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-configuring-a-redirect-in-squarespace\">Configuring a Redirect in Squarespace<\/h3>\n\n\n\n<p>See&nbsp;<a href=\"https:\/\/support.squarespace.com\/hc\/en-us\/articles\/205815308-URL-mappings\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Squarespace&#8217;s URL mappings documentation<\/a>&nbsp;for more information on this process.<\/p>\n\n\n\n<p><strong>To set up a URL redirect in Squarespace<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Open&nbsp;<strong>Developer Tools<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>URL Mappings<\/strong>.<\/li>\n\n\n\n<li>Click into the text field to add the redirect, following this format, where <code>XXXXXXXXXXXXXXXXXXXXX<\/code> is replaced with your JumpCloud Organization ID.:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p><code>\/.well-known\/com.apple.remotemanagement -&gt; https:\/\/apple.mdm.jumpcloud.com\/account-driven-service-discovery?organization_id=XXXXXXXXXXXXXXXXXXXXX 301<\/code><\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"4\">\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-a-self-hosted-file\">Configuring a Self-Hosted File<\/h2>\n\n\n\n<p>Although a self-hosted file is less flexible than a Redirect, it may be useful if you do not have access to your web server configuration. <\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For more information about the service discovery process, see Apple\u2019s <a href=\"https:\/\/developer.apple.com\/documentation\/devicemanagement\/discover_authentication_servers\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Discover Authentication Servers<\/a> from the Apple Developer website.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p><strong>To configure account-driven user enrollment using a self-hosted file:<\/strong><\/p>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/login\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to <strong>DEVICE MANAGEMENT<\/strong> &gt; <strong>MDM<\/strong>. <\/li>\n\n\n\n<li>On the <strong>Apple<\/strong> &gt; <strong>Home<\/strong> tab, scroll to <strong>iOS Enrollment<\/strong>.<\/li>\n\n\n\n<li>Under <strong>Account-driven User Enrollment Configuration<\/strong>, select <strong>Self Host<\/strong>.<br><img decoding=\"async\" width=\"2384\" height=\"1502\" class=\"wp-image-116584\" style=\"width: 1200px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-self-host.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-self-host.png 2384w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-self-host-300x189.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-self-host-1024x645.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-self-host-768x484.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-self-host-1536x968.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-self-host-2048x1290.png 2048w\" sizes=\"(max-width: 2384px) 100vw, 2384px\" \/><\/li>\n\n\n\n<li>A JSON configuration snippet appears. Click <strong>Download JSON<\/strong>.<\/li>\n\n\n\n<li>Publish the file on the well-known URL you created above.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-setting-up-a-web-server-to-host-the-file\">Setting up a Web Server to Host the File<\/h3>\n\n\n\n<p>To host the JumpCloud enrollment information on a web server, you must define the path to your web server. If the verified domain you use for Managed Apple Accounts is already configured to host files, you can host the enrollment information at the same hosting location. If your environment is not configured to do so, you must set up a web server to host the information.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>JumpCloud recommends consulting your internal web services and hosting team to help you complete this task.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>The web server must have the same fully qualified domain name (FQDN) as the verified domain that the Managed Apple Accounts belong to, and web services must be enabled.<\/li>\n\n\n\n<li>The SSL certificate for the web server must be issued by a trusted certificate authority. For a list of trusted root certificates, see Apple&#8217;s <a href=\"https:\/\/support.apple.com\/en-us\/105116\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">List of available trusted root certificates<\/a>.<\/li>\n\n\n\n<li>The JSON file must be hosted on a server that supports HTTPS GET requests. Requests contain query parameters, such as <strong>user-identifier<\/strong> and <strong>model-family<\/strong>, which are passed through to JumpCloud when the device is redirected for enrollment.<\/li>\n<\/ul>\n\n\n\n<p>The resulting URL for the file must be similar to the following, where <code>example_domain.com<\/code> is the same format and domain as the Managed Apple Accounts&#8217; email address: <code>https:\/\/example_domain.com\/.well-known\/com.apple.remotemanagement<\/code><\/p>\n\n\n\n<p>Configure the server to return the appropriate <strong>Content-Type<\/strong> header with the file, as follows: <code>Content-Type is &#8216;application\/json&#8217;<\/code><\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Your server software may refer to Content-Type as &#8220;MIME type.&#8221;<\/p>\n\n\n\n<p>For more information about how to modify the MIME type, see the following documentation:<\/p>\n\n\n\n<ul>\n<li>Apache: <a href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_mime.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Apache Module mod_mime<\/a> <\/li>\n\n\n\n<li>NGINX: <a href=\"https:\/\/docs.nginx.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Full Example Configuration<\/a> <\/li>\n\n\n\n<li>Microsoft: <a href=\"https:\/\/learn.microsoft.com\/en-us\/iis\/configuration\/system.webserver\/staticcontent\/mimemap\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Adding Static Content MIME Mappings<\/a> <\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-testing-the-enrollment-configuration\">Testing the Enrollment Configuration<\/h2>\n\n\n\n<p><strong>To test your configuration<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Back in the JumpCloud Admin Portal, under Under <strong>Account-driven User Enrollment Configuration<\/strong>, enter your domain in the <strong>Test Your Configuration<\/strong> field and click <strong>Test<\/strong>.<\/li>\n\n\n\n<li>If successful, the JumpCloud Admin Portal returns a success message: &#8220;Account-driven Configuration Successful for {Entered Domain}&#8221;<\/li>\n\n\n\n<li>Alternatively, if incorrectly configured, you will receive an error message similar to the following: \u201cAn error occurred. Account-driven Configuration for {Entered Domain} could not be verified.\u201d<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-troubleshooting-error-messages\">Troubleshooting Error Messages<\/h3>\n\n\n\n<ul>\n<li><strong>Verification failed to get a well-known URL. Please check your info and try again.<\/strong> &#8211; Invalid domain entered. Check the configuration.<\/li>\n\n\n\n<li><strong>An issue occurred during verification. Refer to the help article for remediation tips.<\/strong> &#8211; A status code other than 200 was returned. Check the configuration.<\/li>\n\n\n\n<li><strong>During verification, an unexpected content type was returned. Please check your info and try again<\/strong>. &#8211; Content not in JSON format was returned.<\/li>\n\n\n\n<li><strong>Either unknown content or improper content length was detected during verification. Refer to the help article for remediation tips.<\/strong> &#8211; Response length received from the domain was too large. Check the configuration, as we expect a simple JSON response.<\/li>\n\n\n\n<li><strong>Verification failed to read the response body. Refer to the help article for remediation tips. <\/strong>&#8211; Unreadable data in response. Check whether the response contains the proper data.<\/li>\n\n\n\n<li><strong>Verification failed to understand the JSON response. Refer to the help article for remediation tips.<\/strong> &#8211; Readable data was returned in unexpected JSON format. Check the JSON configuration.<\/li>\n\n\n\n<li><strong>There was an invalid configuration of a well-known URL response during verification. Refer to the help article for remediation tips.<\/strong> &#8211; Either the version or baseurl parameters in the JSON configuration is incorrect.<\/li>\n\n\n\n<li><strong>There were too many redirects during verification. Refer to the help article for remediation tips.<\/strong> &#8211; Check that the well-known url is properly redirected and not in a redirection loop.<\/li>\n<\/ul>\n\n\n\n<p>After ADUE has been configured in the Admin Portal, users can follow the steps to enroll their devices (iOS 15+). See <a href=\"https:\/\/jumpcloud.com\/support\/users-enroll-your-personal-ios-device\" target=\"_blank\" rel=\"noreferrer noopener\">Users: Enroll Your Personal iOS Device<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>In order for users to enroll their devices, you must select the option to <strong>Allow users to enroll personal mobile devices and access Enroll Your iOS Device in the User Portal<\/strong>.<\/p>\n\n\n\n<p><img decoding=\"async\" width=\"2384\" height=\"1502\" class=\"wp-image-116581\" style=\"width: 1200px\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/personal-device-enrollment-allow.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/personal-device-enrollment-allow.png 2384w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/personal-device-enrollment-allow-300x189.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/personal-device-enrollment-allow-1024x645.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/personal-device-enrollment-allow-768x484.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/personal-device-enrollment-allow-1536x968.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/personal-device-enrollment-allow-2048x1290.png 2048w\" sizes=\"(max-width: 2384px) 100vw, 2384px\" \/><\/p>\n <\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>This article explains how to enable and configure account-driven user enrollment within the JumpCloud Admin Portal. You must configure enrollment [&hellip;]<\/p>\n","protected":false},"author":206,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2925,2852,2995],"support_tag":[],"coauthors":[2842],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configure Account-Driven Enrollment - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to configure account-driven user enrollment to enroll devices running iOS\/iPadOS 15 or later in JumpCloud MDM.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configure Account-Driven Enrollment\" \/>\n<meta property=\"og:description\" content=\"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-07T15:00:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"pamkellman\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment\",\"url\":\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment\",\"name\":\"Configure Account-Driven Enrollment - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png\",\"datePublished\":\"2024-10-30T20:31:50+00:00\",\"dateModified\":\"2025-02-07T15:00:20+00:00\",\"description\":\"Learn how to configure account-driven user enrollment to enroll devices running iOS\/iPadOS 15 or later in JumpCloud MDM.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png\",\"width\":2384,\"height\":1502},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Configure Account-Driven Enrollment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Configure Account-Driven Enrollment - JumpCloud","description":"Learn how to configure account-driven user enrollment to enroll devices running iOS\/iPadOS 15 or later in JumpCloud MDM.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment","og_locale":"en_US","og_type":"article","og_title":"Configure Account-Driven Enrollment","og_description":"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment","og_site_name":"JumpCloud","article_modified_time":"2025-02-07T15:00:20+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"9 minutes","Written by":"pamkellman"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment","url":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment","name":"Configure Account-Driven Enrollment - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png","datePublished":"2024-10-30T20:31:50+00:00","dateModified":"2025-02-07T15:00:20+00:00","description":"Learn how to configure account-driven user enrollment to enroll devices running iOS\/iPadOS 15 or later in JumpCloud MDM.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/10\/adue-redirect.png","width":2384,"height":1502},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/configure-account-driven-enrollment#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Configure Account-Driven Enrollment"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/115479"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/206"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/115479\/revisions"}],"predecessor-version":[{"id":120736,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/115479\/revisions\/120736"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=115479"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=115479"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=115479"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=115479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}