Posted on 09-29-2015 11:27 AM
Good afternoon all. My name is Brad Terhune and I'm a new Casper admin for the University of Tennessee Health Science Center in Memphis. I have a question about enrollment. Is it possible to have customers get a User-Initiated Enrollment message, sign in with their own LDAP credentials and install the software for Mac OS machines? If so, where do I configure that?
Posted on 09-29-2015 11:47 AM
Its not necessarily possible to send up a prompt on their screen asking them to enroll, as the Mac would likely need to be enrolled already to do that (unless you have something like ARD enabled on them)
But its possible to set up user initiated enrollment, which is a webpage they can get to, log in with LDAP credentials and then get a software download (QuickAdd.pkg) they can run to enroll their Macs.
First thing you need to make sure of is that your JSS is set up to communicate with your LDAP environment. This is done under System Settings > LDAP Servers. Read the full documentation for more on that if you need. Hopefully though this was covered in your JumpStart?
Assuming that is all set, go to Global Management > User-Initiated Enrollment. Under there there is a Platforms tab that has OS X under it, where you need to set up the details of the enrollment process, including a local management account to use or to create if necessary, plus the password, and any other options you might want enabled.
Under the Access tab, you can add LDAP groups that you want to enable to enroll on their own. If you have one global "All LDAP Users" type of group (most AD environments have something like this), you can add that group and any valid AD account will be able to enroll in the JSS.
Keep in mind the users will need to install a package on their Mac locally, so they will need local admin access to do this. If they are not admins, its not going to be easy to set up a user enrollment process.
Posted on 09-29-2015 12:53 PM
Thank you. I have all of that established. What threw me was that I had a customer call me (we are doing a test of just the ITS department) and he could not login with his LDAP credentials in either Safari or Chrome. He'd always get a white screen then an error.
However, I could login with a standard Casper account and get the Quick Add pkg. Just figured I might have something configured improperly?
This was on a 10.5 box.