VPP without logging in to the JSS?

justin
New Contributor

i'm a little confused about something- it seems that in order to enroll a user into the VPP, you have to send a link and they log in to the JSS? is there a simpler way to do this so that they don't have to do that, or am i missing something?

8 REPLIES 8

justin
New Contributor

i guess to clarify, can that be bypassed so that we can just assign apps to IDs without having to log in to the JSS?

we'd like to not have another login for people to have to deal with.

perhaps link their accounts to our admin accounts so that they are associated by us?

mpermann
Valued Contributor II

When I setup VPP with our JSS 9.3 I used the option to have a notification appear on the mobile device itself. No email was sent. Once you click the notification the user types in their iTunes credentials to link their iTunes account with your JSS. Then you're able to distribute apps to them using your JSS and the new managed distribution model.

justin
New Contributor

i should also specify, we're using this with Macs, not iOS devices.

justin
New Contributor

thanks mpermann, i'll see if there might be an option like that for MacOS... that would be ideal.

mpermann
Valued Contributor II

On page 14 of the Deploying-Devices-with-the-Device-Enrollment-Program-VPP-Managed-Distribution-and-the-Casper-Suite guide it states "Note: You cannot distribute Mac apps to computers using the JSS." According to that document you can't deploy apps to computers using the new VPP managed distribution model. Seems like you should be able to. Not sure why a Mac app gets treated differently than an iOS app.

justin
New Contributor

yeah, i don't know why JAMF is handling it this way (chime in?) -- but i just set up a quick Meraki account and looked through their VPP enrollment stuff. You send an email invite, they click the link which opens directly to the App store. you sign in with your existing apple ID and password, and that's that.. they are now linked with that AppleID. Seems brainlessly simple that way. a bit more complicated with JSS asking for users to log in to the JSS and then associate their ID or whatever. simple for us sure, but for the people here that don't have time/interest to do that. the goal is to be as transparent as possible. i prefer meraki's method (i was able to upload a .csv of all the user email accounts) so i think we'll go with that for VPP until it's simplified in casper. not really ideal for macos i guess.

john_miller
Contributor

Hey everyone.

Great discussion. Hopefully I can help on a few things.

When inviting users, there are two methods. Email invitations, as mentioned, require the users to authenticate to the JSS. MDM Invitations, as noted, do not require authentication to the JSS. When authentication is required, admins are able to leverage a directory service environment to avoid defining the individual accounts in the JSS. MDM Invitations for the Mac are implemented and will be released in the next version. There are some stipulations that are documented in the Admin Guide. An option to require authentication for email invitations is something we can look at. It sounds like that might help the workflow.

Once end users have accepted invitations, administrators are able to assign both Mac Apps and iOS Apps to end users in the organization (eBooks, too). This is done through the VPP Assignments in the JSS. The process is the same for both platforms as far as assignment is concerned.

Once apps have been assigned, they are ready to get installed on the devices. Devices that are not managed, but are used by that same end user, will see the apps available under the "Purchased" of the appropriate app store (Mac App store or App Store). If these devices are managed, we can follow similar workflows as we have in the past; iOS Apps can get defined in the JSS and deployed to client devices with any desired options. Mac Apps can get deployed using Policies, as well as some really great workflows documented by members of the community to make Mac App Store apps available in Self Service, etc. We are also looking at a more integrated workflow for deploying Mac App Store apps from within the JSS.

Thanks for the discussion!

mpermann
Valued Contributor II

@john.miller, thanks for the clarifications. I think a more integrated workflow for deploying Mac App Store apps from within the JSS would be wonderful. Hopefully that is something that will happen soon.