Enrolling macOS Devices Using a Third-Party Certificate

Before you begin

If the certificates bound to "Deployment Server Extensions and Web Console" and "macOS Profile Signing" are not trusted third-party certificates and the setting "Require Trust Profile During Enrollment" is turned on, follow the instructions of Enrolling macOS Devices Using a SOTI MobiControl Certificate.

You must have created an add devices rule that establishes enrollment settings before you can complete this procedure.

Important:

  • Choose the user account that you use to enroll to SOTI MobiControl carefully. Some configuration settings will only apply within the user account that was used for enrollment rather than to the entire device.

  • Enroll your macOS with or without a SOTI MobiControl device agent. A device agent is an application that provides additional device management capabilities. Enrolling without a device agent still provides significant control over your devices.

About this task

To enroll your macOS devices:

Procedure

  1. If using a device agent, ensure the SOTI MobiControl App for macOS Devices application catalog rule is enabled and targets the device groups you're enrolling your devices into.
  2. On the Apple tab, select the Rules tab.
  3. Select the add devices rule that you want to use to enroll the macOS device.
    The details of the add devices rule will appear in the Information pane. Make a note of the Enrollment URL.
  4. On the macOS device, copy the Enrollment URL into the address bar of the device's browser.
    If using a device agent, the device agent will automatically download and install itself on the device.
  5. Follow the instructions of either the Device Agent Setup Assistant (if enrolling with a device agent) or the Enrollment Service Web Page (if enrolling agentlessly).
  6. If the add devices rule was configured with LDAP, enter the applicable credentials.
  7. Click Step 1 to download the SOTI MobiControl Device Enrollment Profile. Click Allow and then Install and then Install again to install the SOTI MobiControl device enrollment profile.
    The macOS Profile Manager application will open to continue the installation of the SOTI MobiControl Trust and Management profiles.
  8. The installation process of the SOTI MobiControl Device Enrollment Profile includes several steps that require user interaction, such as entering administrator credentials. Once the profile has finished installing on your device, click Done.

Results

Your device is now enrolled in SOTI MobiControl and can communicate with the SOTI MobiControl deployment server.