This document details the process for enrolling macOS devices into your datajar.mobi instance via User Initiated Enrolment (UIE). This is for devices that you cannot add to Automatic Device Enrolment in Apple Business Manager / Apple School Manager.
If you require documention for enrolling macOS devices via Automatic Device Enrolment please see this KB - Enrolling macOS devices into datajar.mobi via Automatic Device Enrolment (ADE)
Please Note: This document has been created as a generic guide for the majority of our customers. Please consult any instructions from the dataJAR team regarding your specific setup.
Pre-enrolment steps
Prior to enrolment, there are some additional steps. Unlike the ADE enrolment, these will need to be performed each time you need to redeploy the device.
1) Connect the device to power and a network connection. A wired connection is strongly suggested but wireless is also possible, if slower. You will also benefit by using a network that has an Apple Caching server and / or a dataJAR Accelerator Appliance. If you are interested in either of these, feel free to reach out to the dataJAR Support team.
2) Boot the device to the recovery partition, erase the internal hard drive and reinstall a fresh OS. This is covered under the KB article Preparing your devices for datajar.mobi and the Apple KB How to erase a disk for Mac
3) Once the OS is installed, ensure the device is still on a network connection and proceed through the Apple Setup Assistant.
4) As part of the Setup Assistant you will be prompted to create a user account.
a) If deploying a 1:1 device please ensure to create a user account for the end user, and not a temporary admin account or a local admin / service account. Failure to do so can result in issues with full disk encryption which will likely require a full redeployment. For more details see the KB article Secure Token Requirements and Considerations.
b) If deploying a shared device, either create the local admin account with the same details that will be deployed, or create a throw away local admin account that can be removed after deployment
5) Once at the Desktop, launch the Safari application. This is typically in the default Dock.
6) Navigate to the enrolment page for your instance. This will be of the format:
https://[your datajar.mobi instance URL]/enrol
If you are unsure of your instance URL, please reach out to dataJAR Support team.
7) Authenticate to the UIE page:
a) If your datajar.mobi instance is connected to your authentication solution (e.g. Active Directory, Azure LDAP, Okta LDAP etc) have the end user enter their credentials. Once authenticated, use the "assign to" user box to enter the end user's username, assign the device and continue.
b) If your datajar.mobi instance is not connected to your authentication solution, enter the service account enrolment details provided by your dataJAR implementation engineer. Once authenticated, leave the "assign to" box empty and continue.
8) Follow the on-screen instructions to download and install the enrolment / MDM profile.
9) Once enrolment is complete, quit Safari and System Preferences
10) Within a few minutes the dataJAR Progress Screen should appear, prompting you for a device name (optional depending on implementation requirements) and the device role (required).
11) Pick a device role and optionally provide a device name and click the continue button.
12) The device will now deploy the required software. Once complete, the device will automatically restart.
13) The device should now be ready for use.
If you require further assistance or support, please contact our support team.