DEP iPads Prestage enrollment with LDAP integration

reon
Contributor

Hi everyone, I'm new to JSS and seeking your professional advice.

My company intends to purchase 100 units of iPads under DEP, but I need to clear up some haze in my mind before doing it.

We have a list of employee details from Apple Open Directory, and LDAP has been configured.

Instead of us pre-assigning iPad-A to User-A, iPad-B to User-B and iPad-C to User-C, we are considering having every individual employee randomly pick an iPad, switch it on, and log in with their LDAP credentials, and the JSS will pick up the info from LDAP and automatically input the user's details into Users management, such as name, email address, department, etc.

From the JSS, we shall see which iPad has been automatically assigned to which user based on their LDAP credentials, and 'Configuration Profiles' will be pushed to the different iPads accordingly.

May I know if all of this is possible? I can't find much information about prestage enrollment, so I need someone to guide me. Thanks for reading.

1 ACCEPTED SOLUTION

yan1212
Contributor

Hi Reon,

What you describe can indeed be done. The process involves a number of steps and no doubt you'll adjust as you learn more and dive deeper into it.

In broad strokes you'll need to:

  • Have a DEP account that is connected with your JSS that has LDAP configured (presumably you're past that point based on your post)
  • Configure a Pre-stage that has the "Require Authentication" option enabled. This will force the iPad to prompt for LDAP credentials during setup. The device will then be enrolled against those credentials and the information you hold in your LDAP for that user will be used.
  • If you use only one Pre-Stage then you can enable the "Automatically assign new devices" option. This way you will not have to add devices manually every time they are purchased. There are valid reasons to keep this a manual operation if you prefer; it depends on your environment really.
  • Scope your configuration profiles to smart groups (or all devices) and post-enrolment they will be applied. Configuration profiles can range from simple preferences to complicated configurations so I'd advise you start small and build up.

There is a lot more to consider but I think this is enough for a start. Once you understand the logic behind Pre-Stages I'm sure things will make more sense and you'll start fine-tuning according to your needs.

Hope this helps.
