Where I work, we realized we wanted allow open enrollment, but only to Administration staff. While you could do this with a custom quickadd we wanted to keep the enrollment page in jss open as another option.
-
- Login to your Jamf Pro Server
- Click the Gear on the Left hand side by your name
- Select User Initiated Enrollment under the Global Management Tab
- Click Edit on the bottom right corner
- Uncheck
- Restrict re-enrollment to authorized users only
- Click Access
- Edit All LDAP Users
- Uncheck
- Restrict re-enrollment to authorized users only
- Allow group to enroll personally owned devices
- Click Add
- Search for the LDAP group you want to allow enrollment
- Check both boxes
- Restrict re-enrollment to authorized users only
- Allow group to enroll personally owned devices
- Click Done
- At the next page click Save
- Test, an unsuccessful login will just redirect back to the login page, while a successful will allow you to download a quickadd