Prestage Enrollment authenticating against Okta getting blocked in iOS 13?

New Contributor III

We recently pulled together a new enrollment process for our Macs, one utilizing an Enrollment Customization that enables us to prompt our users for their Okta credentials during system setup so that the local account setup page is pre-populated AND the enrolled device is associated with their user record in Jamf.

Now I'm looking to do the same with our mobile device Prestage Enrollments. It works fine with pre-iOS 13 devices buts I'm finding that iOS 13 devices fail once the user enters their Okta credentials:


The solution appears to be assigning the Jamf app to the user in Okta - that works. But it's also kind of cumbersome; we've never before had to assign Jamf to our entire end user population.

Wondering if anybody else out there has tried it, run into the same issue, and can confirm or deny this as the best/only solution.


New Contributor III

Uhhh... I just realized that my macOS enrollments are calling for this, as well - I just didn't notice because both myself and all of my testers (fellow Tech Team members) already have Jamf assigned to them in Okta! So... I'm guessing that having Jamf assigned to end users is required in order for the Enrollment Customization to work.

Would still love confirmation on this....

New Contributor II

We had to assign Jamf Pro to all users for Okta to work as the Enrollment Customization pane.

We made it hidden to all users, but then made a Bookmark only for the people who actually can log into the JSS who have the corresponding admin accounts.