So I’m curious about whether we need to have either an LDAP server set up or issue managed Apple IDs in order to utilize user-initiated enrollment.
I made a user and user group in JAMF Pro thinking it would allow for enrolling a device and that I could give my end users a single set of credentials to then get the MDM profile and configuration to everyone. However, during the enrollment, I get stuck on a page which mentions “Assign to User” with a blue magnifying glass and Enroll button which don’t seem to react, no matter what I enter. Perhaps this is not possible, but it’s what I’m hoping to find out here.
Can I use a single JAMF Pro user to log in all my end users for user-initiated device enrollment? Or must we set up an LDAP server/get managed IDs?
Context: We are doing a big push for new devices soon, and currently we have no self-enrollment, meaning our IT department would have to manually enroll every phone. We are looking for an alternative solution to avoid that. We do not use managed Apple IDs.
All devices are company owned, none personal.
Thank you for your time.
You do not need to enter any name there. If you just click Enroll without entering any text, it will proceed to the next step. As far as I know, it cannot read from managed Apple IDs.
If you click on Enroll, the enrollment should go through.
Usually, when you want to set up a user for JAMF Pro, you’ll either need to set up an LDAP server or use managed Apple IDs. This makes it easier for users to sign in and get their devices set up.
Now, I know you’re planning to deploy a lot of new devices, and you don’t have a self-enrollment setup yet. Here are a few things you can do to get started:
1. Set up an LDAP server: This will make it super easy for users to sign in and get their devices set up. It’ll also help you manage your devices better and make sure everyone is following the rules.
2. Use Pre-Stage Enrollment through Apple Business Manager: This is a way to automate the device enrollment process. It doesn’t require managed Apple IDs, but you’ll need to supervise the process and assign devices to users through Apple Business Manager.
3. Batch enrol devices: If you don’t want to set up an LDAP server or use Pre-Stage Enrollment, you can batch enrol devices through automated device enrollment. This means that IT can handle the initial setup, but you won’t have to do it yourself.
Since all the devices are company-owned, I think Pre-Stage Enrollment might be the best option for you. It’ll save you a lot of time and effort, and it’ll help you make sure that everything is set up correctly.
I hope this helps! If you have any other questions, feel free to ask.
Are you able to move to Automated Device Enrollment, or DEP, in your organization for these new devices?
@A_Collins
I didn’t think for a moment to leave it empty! That did it! My problem now is that it won’t take the MDM profile because it is not “removable.” And since these are company owned devices, of course we don’t want the MDM being removable. I will have to investigate this. However...
@Samstar777 @mvu
I believe I got my thought trains crossing paths; we are set up for auto-enrollment, but what I had in mind that would get in my way is actually the activation locks, not the enrollment! My mistake... I think what we will do is remove the activation lock for a short time to allow everyone to set up their own new phones and then use JAMF to reactivate the activation locks later. This will also get around this business about making a “removable MDM profile.”
Does it sound like I’m back on track?
Thank you so much for your responses!
Not sure. How is the activation lock impeding you?
If you need to manage it, you can also do this through Apple Business Manager itself now.
@mvu
We would like the activation lock on at all times normally. It is impeding when a user goes through the iPhone startup screens with it on, and the activation lock prompts for the DEP credentials.
For the sake of the deployment, we would have to turn it off to allow users to get around it, and then once everyone is in, we’d reactivate the activation lock.