Been mulling on an idea for a bit today and wanted to see what the Jamf Community are doing.
Current iPhone Setup
- I have ONE PreStage for ALL iPhones.
- I have a Smart Group which is scoped to the PreStage for iPhones.
- This Smart group is then scoped to ONE iPhone Configuration Profile where Passcode, Home Screen, Certs and 2 Restrictions are configured.
It's pretty simple and I can give users their phones and run through the rest of the set up with them. Users still need to connect to Wifi and configured their Gmail Accounts (we use GSuite at our School).
As a test i started to play around with the Google Account Profile. In doing so i realized the only way this works is if the iPhone is assigned to the user (which we pull from AD) in Inventory. The name can be assigned at PreStage or once the user has run through the set up, the user name can be applied in Inventory, then this device can be added to the Google Accounts Configuration Profile.
If names were applied at PreStage this would mean each iPhone would need their own PreStage profile. We only have 37 phones, so not a big deal.
If Inventory is updated AFTER the user has run through the set up, it defeats the purpose of 'Zero Touch' and we have to be there for the user so we can add the Device to the Google Account Configuration Profile.
What are people doing regarding this? Am I missing something obvious? (things get blurry after a few hours).
Do I need to create a PreStage for EACH iPhone user or wait until the phone is set up then add the user to the Google Configuration Profile?
In your prestige, you can authenticate to an LDAP source. This assigns the usernames to the device right away. You can then use this username in Email and Google configuration profiles with the variable listed in the Admin manual. You can thus use just one PreStage.