Setup Manager offers streamlined device enrollment for Mac

Jamf’s Setup Manager is a powerful tool: an Apple device enrollment program for Mac that makes enrollment a snap.

August 28, 2024 by Armin Briegel

First impressions matter.

The first experience a new employee will have with your organization’s management tools will be their enrollment. Administrators need to ensure their device enrollment user experience makes a good impression.

Jamf Pro and Jamf School provide many Apple automated device enrollment tools to improve this experience.

However, the main challenge for most organizations is that some critical software titles and security tools must be installed and configured before the device is ready to use.

Many available enrollment tools

Mac admins have many tools available to show progress during this enrollment phase:

All these tools are great and meet the needs of their audiences. Some deployments require only basic and simple configuration options. Other Mac admins have no problem managing complex shell scripts and working with open-source tools.

But wait, there’s more to Mac device enrollment!

The Consulting Engineers at Jamf get to work with many amazing Jamf administrators with a wide spread of skill levels and requirements, from small organizations with a few dozen devices to large and complex deployments numbering in the tens of thousands.

Within our team, we realized that we were missing a tool that is both easy to deploy and configure and provides powerful features to cover simple and complex deployments.

Jamf’s Setup Manager fills the gap and more

In building this tool, we realized that, in addition to being a "simpler, more modern DEPNotify," this tool could also address a very specific deployment model that has not been covered before.

The new tool integrates seamlessly into the existing Mac setup workflow. It can run over Setup Assistant. So we called it "Setup Manager."

Why another enrollment tool?

We built Setup Manager as a native macOS app rather than a shell script. You configure it with a custom configuration profile without having to edit complex shell or JSON syntax.

You can customize several elements of Setup Manager's interface using the configuration profile. This includes:

  • The banner image
  • The text
  • The steps that Setup Manager will perform
  • Labels and icons

A native app allows us to do a few things that you cannot easily achieve with shell scripts.

For example, Setup Manager is localized to eight different languages, and we hope to add more languages soon!

How Jamf Setup Manager works

Setup Manager will automatically display the user interface — in the user's language — during the setup process. Admins can also use the configuration profile to provide their own localizations for custom text and labels.

Setup Manager also has an "About this Mac…" button, which will show information about the current Mac. This can be very useful to verify the device's identity while it is set up.

Setup Manager workflow

You can set up enrollment with any of the following:

  • Jamf Pro policies
  • Installomator installations
  • Single-line shell commands (e.g., "set the timezone" or "install Rosetta")

Setup Manager can also watch for installations from the Mac App Store (via Volume Purchasing) or the Jamf App Catalog.

Mac admins can optionally configure Setup Manager to prompt for certain information such as an asset tag or department. The installations and configurations will run in the background while the app waits for user input.

Simplified deployment and configuration

Setup Manager comes as a signed and notarized package installer file (.pkg). On Jamf Pro, you can simply add the .pkg and a custom configuration profile to the PreStage enrollment. On Jamf School, the setup is a bit more elaborate, but you still only need the package installer and the configuration profile.

User Experience

Setup Manager works well in a standard zero-touch workflow. When used with automated device enrollment, it launches immediately after the user confirms the automated enrollment. Like other enrollment progress tools, it can also be used with user-initiated enrollment.

UX challenges

In some configurations, zero-touch deployment workflows can be a poor user experience.

  1. The user must remain present from the very beginning to enter their SSO credentials in customized enrollment and to create their user account.
  2. However, when the user reaches the desktop and is excited and eager to start working, the required software is not yet installed.
  3. The user must wait for the required installations to complete. Often, deployment tools block the screen to prevent the user from using the incompletely configured Mac.

With many deployments, several gigabytes' worth of software must be installed and configured. Installation times of 20 to 30 minutes are common. Installation times of one hour or more are not unheard of.

Tech-driven Mac enrollment

A possible solution to this challenge is time-consuming: a tech manually performs the initial installation and setup and then hands the "finished" Mac to the final user. Additionally, zero-touch workflows, modern authentication methods and security are a real challenge with this approach.

In Jamf Pro, the user who logs in at customized enrollment is assigned to the device. Since the customized enrollment authentication is the first thing in the automated enrollment workflow, this prevents a tech-driven or "white-glove" workflow.

Some customers and partners have implemented clunky workarounds. Some share or reset the end user's credentials, which is a bad security practice. Some create temporary local accounts on the device for the tech doing the enrollment and setup. However, this requires:

  1. A customized workflow that ensures the new user account receives the secure token (essential to unlock FileVault and authorize software updates)
  2. Updating the user assignment in Jamf Pro
  3. Removing the temporary local tech user

Setup Manager solves many of these issues by performing the time-intensive installations and the installation of security tools before any user account is created. Setup Manager can prompt a tech sitting at the Mac to enter information such as the eventual user, computer name, or department. These data points will be set on the Mac and in Jamf Pro at the end of the Setup Manager workflow.

This allows for various tech-driven "single-touch" workflows where the device is prepared by a tech with minimal interaction and no sharing or resetting of credentials is necessary.

Availability

Setup Manager 1.0 is now available on the Jamf Concepts site.

You can read the release notes and download the installer on the releases page. You can use that repository's Discussions section for questions, comments, tips and tricks and feature requests. Remember to 'watch' that repository, so you don't miss an update. We have also created a #jamf-setup-manager channel in the MacAdmins Slack.

It has been quite the journey to get here. We wanted to thank everyone who has participated in the private beta for your help and patience. It is a better tool because of all your feedback.

But we are not going to stop here. We have some great improvements and ideas lined up!