Jamf Deployment Guide

Overview

This guide outlines how to configure and manage Jamf Pro for deploying Nectar Endpoint Client (henceforth EPC), including:

• Apple Push Notification Service (APNs) certificate setup
• Device enrollment (User-Initiated Enrollment)
• Package and script deployment using policies

Apple Push Certificate (APNs)

Steps

1. Log in to Jamf Pro
   • Open your Jamf Pro URL
   • Sign in with admin credentials
2. Navigate to APNs Settings
   • Go to Settings (sidebar)
   • Select Global Management → Push Certificates
3. Create a Certificate
   • Click New
   • Download the Certificate Signing Request (CSR)
4. Generate Certificate via Apple
   • Go to: https://identity.apple.com/pushcert/
   • Sign in with your Apple ID
   • Upload the CSR
   • Download the APNs certificate
5. Upload Certificate to Jamf
   • Return to Jamf Pro
   • Upload the certificate
   • Click Save

Best Practices

• Use a company-owned Apple ID (NOT personal)
• Renew annually before expiration
• If lost → all devices must be re-enrolled

Device Enrollment (User-Initiated)

Steps

1. Navigate to Enrollment Settings
   • Go to Settings
   • Select User-Initiated Enrollment
2. Configure Enrollment
   • Configure:
     • Enrollment URL
     • Messaging
     • Access settings
     • Device platform settings
3. Send Invitations
   • Go to Computers or Devices
   • Select target users/devices
   • Click Send Enrollment Invitation
4. User Workflow
   • User receives link/email
   • Installs MDM profile
   • Device enrolls into Jamf

Best Practices

• Clearly communicate instructions to users
• Set expiration windows on invites
• Consider Account-Driven Enrollment for newer macOS/iOS environments

Package Upload & Deployment

Uploading Packages

1. Go to Settings
2. Navigate to Computer Management → Packages
3. Click New
4. Upload your EPC .pkg file
5. Add metadata (name, category, etc.)
6. Save

Uploading Scripts

1. Go to Settings → Computer Management → Scripts
2. Click New
3. Enter:
   • Name: EPC Configuration
   • Example script contents:

   <?xml version="1.0" encoding="UTF-8"?>
   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
   <plist version="1.0">
   <dict>
   	<key>AgentDescription</key>
   	<string>Nectar EPC Agent</string>
   
   	<key>AgentName</key>
   	<string>REPLACE_WITH_USERNAME</string>
   
   	<key>DomainName</key>
   	<string>nectarusprod</string>
   
   	<key>Passphrase</key>
   	<string>REPLACE_WITH_DOMAIN_PASS</string>
   
   	<key>GroupId</key>
   	<string>REPLACE_WITH_GROUP_ID</string>
   
   	<key>OrganizationId</key>
   	<string>REPLACE_WITH_ORG_ID</string>
   
   	<key>OutboundCtrlAddr</key>
   	<string>neccontroller.us.nectar.services</string>
   
   	<key>OutboundCtrlPort</key>
   	<string>40006</string>
   </dict>
   </plist>

4. Save

Creating a Policy (Deployment)

1. Go to Computers → Policies
2. Click New

Configure Policy

General

• Name the policy
• Trigger: Recurring Check-in
• Frequency: Once per computer

Packages

• Add EPC installer package, available here.

Scripts

• Add your configuration script
• Set execution order:
  • Before package (if configuring environment)
  • After package (if modifying install output)

Scope

• Assign to:
  • Specific devices
  • Smart groups
  • All computers

Save

• Click Save

Best Practices

• Always test on a small group first
• Monitor:
  • Policy logs
  • Device logs
• Use Smart Groups for controlled rollout