Help

Mass iPad deployment questions/help

dmitchell
Contributor

Posted on ‎07-10-2019 02:58 PM

Hello,

I am hoping I can get my questions answered here. One of our colleges is about to purchase 800+ iPads and possibly want them enrolled in Jamf (which we are recommending). The config is very simple, no real management, they just want apps, books and webclips to be pushed to them. This is all pretty straight forward stuff. My question is getting them into groups and whatnot for easier management.

I will be setting up a site for this college, they would essentially need 6 different groups in Jamf. Mostly for specific class year applications and the ability to mass unenroll devices when the students graduate (they will be keeping them).

In ASM I would essentially setup a DEP instance for this college so we can add all the iPads to the site easier. With the pre-stage I am testing, I am having the users authenticate so Jamf will record their name and email address. What would be the best way to add in their class year for easier grouping? Would I use the Inventory Pre-load (I guess this would require someone assigning specific iPads to specific students) or would I need to add in a department attribute to these accounts in AD (not sure what pulls exactly from LDAP). Or could we use the API to write the department attribute in Jamf based on a list from AD?

We haven't done anything on this scale so I am not quite sure what to do for grouping the iPads. If anyone has any thoughts or suggestions, it would be greatly appreciated.

Thanks!

Labels:
0 Kudos
Reply
3 REPLIES 3

pwildemann
New Contributor II

Posted on ‎07-10-2019 03:29 PM

  1. Don't just use ASM for devices. Get it connected to a SIS or set up a script to export the CSV from your primary directory service.
  2. Use Apple Education Support in your JAMF settings.
  3. Attribute mappings are the only way to get there if I am understanding you correctly. I have mine pulling department from LDAP which is added to the object at enrollment. You can use a Smart Group with department criteria to get you the rest of the way.
Reply

dmitchell
Contributor

Posted on ‎07-10-2019 04:08 PM

@pwildemann

  1. We have to use ASM to import the devices into DEP.
  2. I'm not sure if I need this? We don't plan on importing students or classes into ASM, we don't want them to have managed Apple IDs. These are essentially being treated like personal devices but with light configuration (imagine trying to have 800+ students download a single app :D)
  3. I feel dumb for this one, the department I was trying to use was not a department in Jamf thus leaving it blank. As soon as I added it to Jamf the department field was populated.

Thank you for your response :D

0 Kudos
Reply

Graeme
Contributor

Posted on ‎07-11-2019 05:36 PM

We allocate each iPad to a user in an external database, this is then used to populate each device's user field in JAMF. A script then runs that takes user data from a CSV export from our SIS and populates various extension attributes on their device. These extension attributes are then used to put the devices into smart groups. This is for historical reasons and I don't know if you can do the same by populating user extension attributes.

By doing it this way we still have our "Single Source of Truth" (the SIS) and devices automatically move between departments, mini-schools, campuses and eventually wind up in the smart group "Exited Students". We can then get an export from this group, use it to "Disown" the devices in ASM and issue a wipe command.

We used to use smart groups based on AD security groups but for local reasons this didn't provide us the smart groups we wanted.

Reply