Are these machines already managed with Jamf? We’re not currently using JSM for our own environment, but I do keep an eye on it just in case our current tools (modified DEP-Notify) suddenly become unusable.

As for a site or place to ask questions, jump on the MacAdmins Slack and add the channel for it #jamf-setup-manager

https://github.com/jamf/Setup-Manager/tree/main

​@Chris_Hafner Nope, these particular machines are not already managed in any state. They’ve all been in use for months or years before we implemented Jamf in our environment. We’re trying to bring them into the fold so that we 1) know about them, and 2) can attempt to manage them.

Thanks for the info about the Slack channel. I’ll try posing my question there as well!

it’s actually not bad. Scope the profile to all machines, put the PKG in a policy scoped to computers that have the profile and run it from Self Service. I use it for any time I need to re-run JSM.

​@mattjerome - That’s an idea I hadn’t even thought of yet, so thanks for the suggestion! 😊

In this case, these computers aren’t in Jamf yet, nor in Apple School Manager. These would be ones out in the wild that our techs may come across in their duties. I found this from Michigan State University that comes pretty close to what I’m looking to do: tech/customer does a user-initiated enrollment via the web, and JSM automatically runs afterwards to do some registration/configuration stuff.

https://tdx.msu.edu/TDClient/32/Portal/KB/ArticleDet?ID=1533

I’m interested in this as well. I’m unclear if this is recommended/supported for Jamf Setup Manager (JSM), which seems intended for post-prestage installs, and anything after login, hand off to macOS Onboarding. Maybe macOS Onboarding is a better DEPNotify replacement for user-initiated enrollments? Or can JSM be shoehorned into this role too? 

Hi ​@barret55 ,

You’re getting closer. Before you proceed with this step (https://tdx.msu.edu/TDClient/32/Portal/KB/ArticleDet?ID=1533),
you’ll need to prepare the JSM Apps and the JSM Configuration Profiles (Application & Custom Settings > Jamf Applications). Once you’ve completed these two preparations,
then you can enroll the Mac using user-initiated enrollment from a web browser.

​@czarmark we started looking at JSM specifically for replacing DEPNotify which we currently use for both DEP and User Initiated (Device/profile based) enrollment here. It seemed to work fine in our testing, though the current version warns to be sure you’re not using other policies with “Enrollment Complete” as a trigger. 

I do keep waiting/hoping for more native onboarding tools. Which it the primary reason we’re still happily sitting on DEPNotify instead of moving to a new 3rd party tool. However, if I was starting fresh, JSM seems the way to go while we wait.

Hi ​@agungsujiwo! I already have a configuration profile cloned and ready to use for this process. The part that I’m struggling with is I can’t figure out how run that JSM process from a user-initiated enrollment. I can’t find any documentation or guidance anywhere on the step-by-step process of how to set it up and make it work. The site clearly shows that it can be done, but how is it done? This is the part that I can’t figure out. 😂

​@barret55 , ​@mattjerome  has a great point on this one!

Now, if you take that very same policy he mentions and add the “Enrollment Complete” trigger, my guess is that would sort it out for you. As you know, the only thing is that the Profile needs to be loaded on the machine before the trigger. If you have the profile scoped properly, it should end up on the machine well ahead of the Enrollment Complete trigger, and if it didn’t you could still launch it from Self-Service after the fact. 

If you wanted to be extra smooth about it you could build in some logic or a script to ensure all of this in advance, but I’m guessing it would work fairly well!

I think this sounds like the part I’m trying to figure out. How would I get the profile onto the computer as part of the user-initiated enrollment, and secondly, how would I then get it to execute once the enrollment is complete? 

The last time I actively used Jamf was wayyyyyy back when I had it installed on an Apple XServe, so I’m pretty much starting from zero again. 😅

​@barret55 Here are some steps you can use:

1. Create a smart group for devices enrolled with User Initiated enrollment
2. Scope the profile to that smart group
3. Make a smart group for computers that have the profile
4. Make the policy available to those in the smart group that have the profile

I like using the self service method to have a bit more control on when it launches. Techincally, because the profile is reliant on smart groups which update at inventories, enrollment complete could be before your workflow with the smart groups is complete thus potentially causing a problem.