Authentication
Select a user authentication method for enrolling devices. You do this when:
User Authentication Options
Note: This section appears only if you selected Manual as the device group selection method.
Utilize user groups to authenticate users during device enrollment | Use a directory service or an identity provider for user authentication.
Select Directory Service to select a directory service connection from the list, and search for a user group using that connection. If you do not have a directory service connection configured, select Manage Directory Services to open the Directory which you can use to configure a new connection. Select Identity Provider to select an identity provider connection from the list, and search for a user group using that connection. If you do not have an identity provider connection configured, select Manage IdP Connections to open the Identity Provider which you can use to configure a new connection. |
Authenticate using the Identity Provider that federates your Managed Apple IDs. | Use the same Identity Provider (IdP) you selected for your Managed Apple IDs to authenticate your devices. You can allow all authenticated users to enroll with this rule or restrict enrollment by specifying which specific groups within the IdP connection can enroll.
Note: This option is only available for User Enrollment add devices rules that are using Accounts Federated by Microsoft Azure AD.
|
Password required to verify device enrollment | Specify a single password for enrollment across all devices that enroll using this add devices rule. |
No password required to verify device enrollment | Devices can enroll without verification. |
Use static enrollment challenge | User static enrollment challenge. (For use with Apple Configurator.) |
Certificate Authentication Authority
Issue agent identity using | Select the certificate authority that will be used to identify agents. |