Limit jss enrollment to a specific LDAP group

Where I work, we realized we wanted allow open enrollment, but only to Administration staff. While you could do this with a custom quickadd we wanted to keep the enrollment page in jss open as another option.

    1. Login to your Jamf Pro Server
    2. Click the Gear on the Left hand side by your name
    3. Select User Initiated Enrollment under the Global Management Tab
    4. Click Edit on the bottom right corner
    5. Uncheck
      1. Restrict re-enrollment to authorized users only
    6. Click Access
    7. Edit All LDAP Users
    8. Uncheck
      1. Restrict re-enrollment to authorized users only
      2. Allow group to enroll personally owned devices
    9. Click Add
    10. Search for the LDAP group you want to allow enrollment
    11. Check both boxes

      1. Restrict re-enrollment to authorized users only
      2. Allow group to enroll personally owned devices
    12. Click Done
    13. At the next page click Save
    14. Test, an unsuccessful login will just redirect back to the login page, while a successful will allow you to download a quickadd

 

 

 

No Comments

Leave a Comment