Configuring a Zero-Touch macOS Onboarding Experience Using JumpCloud and Jamf Pro

Integrating Jamf Pro with JumpCloud’s LDAP-as-a-Service allows IT teams to create seamless and streamlined zero-touch onboarding workflows for Mac fleets.

The guide linked below illustrates how to configure a zero-touch macOS onboarding experience using the Apple Device Enrollment Program (DEP), Jamf Pro, and JumpCloud.

“Zero-touch” is a term used to describe the transformation of a manual IT process into a fully automated workflow.

Preparing macOS devices for employees of an organization is a tedious and time-consuming process that can be radically disrupted using the methods described in the linked guide. Implementing these workflows can save days' worth of work for IT teams and allow organizations to rapidly scale their macOS environments.

The Apple Device Enrollment Program (DEP) is the core platform that allows IT teams to automate the onboarding and setup of macOS devices. This process is facilitated through the assignment of company-purchased devices to Mobile Device Management (MDM) platforms in the DEP portal. When these macOS devices come online for the first time, they check in with Apple DEP and are assigned to the appropriate MDM server. The MDM server then automatically deploys and installs payloads to the supervised machines.

This payload can be tailored to drive zero-touch workflows and is dependent on the capabilities of the MDM platform.

Jamf Pro offers a number of advanced zero-touch capabilities which include the installation of policies triggered by DEP enrollment and the ability to prompt users to log in with a valid set of JumpCloud credentials to authenticate the installation of the MDM payload.

By gating MDM enrollment with JumpCloud LDAP authentication, IT teams can drastically increase the security and extensibility of their zero-touch workflow options.

Using the JumpCloud directory for authentication during device activation ensures that accounts created during the initial out-of-box setup are valid JumpCloud accounts that can be managed by the JumpCloud agent.  

Integrating Jamf Pro with JumpCloud LDAP-as-a-Service opens up new options to IT teams, including the ability to create multiple zero-touch workflows rather than a single one. This can be achieved by scoping Jamf policies to users in specific JumpCloud user groups.

Enrollment payloads, like application installs or the enforcement of a policy, can be mapped to the specific needs of the authenticated JumpCloud user via the user's JumpCloud user group memberships.

IT teams can create consistent and scalable onboarding workflows that will delight new hires, give HR confidence in the onboarding process, and transform the workload of their IT team.

The diagram below shows the technical relationships between DEP, Jamf Pro, and JumpCloud that can be configured to facilitate a zero-touch onboarding workflow.


Follow this link to access the technical documentation for configuring this zero-touch workflow.


Last Updated: Apr 23, 2019 09:16AM MDT
