> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truu.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# ADE/DEP JAMF Setup

> This article provides step by step instructions to configure your environment to deploy the Mac Authenticator using Apple’s Automated Device Enrollment (“ADE”) process. TruU fully supports ADE using Apple Business Manager and Jamf as the MDM.

# **Mac Authenticator Automated Device Enrollment Guide**

Overview

* Apple Business Manager setup

  * Create MDM Server
  * Apple Configurator setup

* Jamf Pro setup

  * Create MDM Server
  * Create Configuration Profiles
  * Create PreStage Enrollment

## Apple Business Manager setup

1. Sign In Apple Business Manager [Apple Business Manager](https://business.apple.com/)
2. Go to Preferences to add new MDM Server

<img src="https://mintcdn.com/truu-2/L38yxuvvUa8uAW5I/images/docs/12dae3d409ba559f6dbd978522eaced1496be3fa71845c5ab7862d48c74d3526-Screenshot_2024-02-27_at_10.45.18_AM.png?fit=max&auto=format&n=L38yxuvvUa8uAW5I&q=85&s=61ece8756a6097ec2e00825291f6dd1b" alt="" width="1262" height="1460" data-path="images/docs/12dae3d409ba559f6dbd978522eaced1496be3fa71845c5ab7862d48c74d3526-Screenshot_2024-02-27_at_10.45.18_AM.png" />

3. Setup MDM Server

* Provide a name for the MDM Server
* Check the box to “Allow this MDM Server to release devices.”

<img src="https://mintcdn.com/truu-2/m22YLP0oXSNG0U3O/images/docs/878325c21f9d7448451b0f72d65e35e900e5a9de5551854252a6f44cfc2d6d57-Screenshot_2024-02-27_at_10.48.24_AM.png?fit=max&auto=format&n=m22YLP0oXSNG0U3O&q=85&s=f4c1990fa15997ec9755da68288556aa" alt="" width="2272" height="1136" data-path="images/docs/878325c21f9d7448451b0f72d65e35e900e5a9de5551854252a6f44cfc2d6d57-Screenshot_2024-02-27_at_10.48.24_AM.png" />

4. Download token for newly created MDM Server (This token needs to be set on the MDM, e.g., Jamf)

<img src="https://mintcdn.com/truu-2/rjjBxA7Z_Wk_-34G/images/docs/d8204e70a3d7fe0a9877873c37a03506728c1440b115ece9a987fc045d199632-Screenshot_2024-02-27_at_10.49.07_AM.png?fit=max&auto=format&n=rjjBxA7Z_Wk_-34G&q=85&s=5d6f89c8019a9e2137f008b4c439103c" alt="" width="2904" height="1468" data-path="images/docs/d8204e70a3d7fe0a9877873c37a03506728c1440b115ece9a987fc045d199632-Screenshot_2024-02-27_at_10.49.07_AM.png" />

5. Go to App Store and download Apple Configurator iOS app (this is required for the Admin to configure provisioning through the MDM).

* Sign in using Apple Business Manager account
* Pick newly created MDM Server as default assigned for provisioned machines

<img src="https://mintcdn.com/truu-2/0zTsJHKKI2cGP3Gv/images/docs/fba72b7f618a05ffa808bcf17033a4e9a0a33d98f9b0a72bb818942c4eec1e08-Screenshot_2024-03-25_at_12.21.27_PM.jpeg?fit=max&auto=format&n=0zTsJHKKI2cGP3Gv&q=85&s=5b63a635f6595108229cf2b36bce04c1" alt="" width="1170" height="2532" data-path="images/docs/fba72b7f618a05ffa808bcf17033a4e9a0a33d98f9b0a72bb818942c4eec1e08-Screenshot_2024-03-25_at_12.21.27_PM.jpeg" />

## **JAMF Pro Setup**

**Step 1:** Sign into your Jamf Pro account [https://DOMAIN.](https://truunfr.jamfcloud.com/)[jamfcloud.com](//jamfcloud.com)

**Step 2:** Go to "Settings", then navigate to the "Automated device enrollment" to create a new MDM server integration

<img src="https://mintcdn.com/truu-2/rjjBxA7Z_Wk_-34G/images/docs/e05999b-image.png?fit=max&auto=format&n=rjjBxA7Z_Wk_-34G&q=85&s=2b5a0bfbe999e93c04125e3822fadfe9" alt="" width="1084" height="254" data-path="images/docs/e05999b-image.png" />

**Step 3:** Setup new instance of MDM server (Choose server token file obtained from Apple Business Manager as described in step 4 in the Apple Business Manager section)

<img src="https://mintcdn.com/truu-2/E6hYbyLPrBHWbQ3m/images/docs/c113624-image.png?fit=max&auto=format&n=E6hYbyLPrBHWbQ3m&q=85&s=5a71839dfcaad8000e6f0b4718209e21" alt="" width="1072" height="276" data-path="images/docs/c113624-image.png" />

**Step 4:** Setup Configuration Profiles

**4-a:** Go to "Computers", then navigate to "Configuration Profiles"

<img src="https://mintcdn.com/truu-2/E6hYbyLPrBHWbQ3m/images/docs/c353b3f-image.png?fit=max&auto=format&n=E6hYbyLPrBHWbQ3m&q=85&s=fb0b0adbef96ce56ad4a730956072294" alt="" width="822" height="1044" data-path="images/docs/c353b3f-image.png" />

**4-b:** Create "Account Provisioning Profile"

**4-b-i:** Click the **+ New** button to create new profile

<img src="https://mintcdn.com/truu-2/YlfY4z_3_-uDkBaP/images/docs/4e567a4-image.png?fit=max&auto=format&n=YlfY4z_3_-uDkBaP&q=85&s=88d532b215263773ab263442d61daa48" alt="" width="1088" height="356" data-path="images/docs/4e567a4-image.png" />

**4-b-ii:** Provide a *name* for the new configuration profile

<img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/9930ec6-image.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=8252adfdac439ba60688100f8898f7a1" alt="" width="1190" height="694" data-path="images/docs/9930ec6-image.png" />

**4-b-iii:** Open "Application & Custom Settings” and click **Upload**

<img src="https://mintcdn.com/truu-2/qCK1oWL4jNpZKJ8A/images/docs/91fd4a5-image.png?fit=max&auto=format&n=qCK1oWL4jNpZKJ8A&q=85&s=3d6c0b7a18be4c714e1c9748a5202e69" alt="" width="1078" height="458" data-path="images/docs/91fd4a5-image.png" />

**4-b-iv:** Define Property List (PLIST) for the Configuration Profile

<img src="https://mintcdn.com/truu-2/ehCBQgFdl_pQd0MN/images/docs/af1da3f-image.png?fit=max&auto=format&n=ehCBQgFdl_pQd0MN&q=85&s=f237d268a1a3bf5c8e8033d2fa19a5ba" alt="" width="1054" height="518" data-path="images/docs/af1da3f-image.png" />

**NOTE: Make sure that your downloaded PLIST have the following values**

```
<key>enableGetStartedNotification</key>
		<true/>
		<key>runPostEnrollmentAfterReboot</key>
		<true/>
```

* Create Preference Domain for ai.truu.ma.dep with the following PLIST:

<CodeGroup>
  ```bash bash theme={null}
  <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>     <key>createAdminAccount</key>     <true/> </dict> </plist>
  ```
</CodeGroup>

* You will see the following in your profile:

<img src="https://mintcdn.com/truu-2/rjjBxA7Z_Wk_-34G/images/docs/db806c6-image.png?fit=max&auto=format&n=rjjBxA7Z_Wk_-34G&q=85&s=ce591111f44017ae63acecc6cdeae7eb" alt="" width="1066" height="470" data-path="images/docs/db806c6-image.png" />

**4-c:** Create Application Provisioning Profile

**4-c-i:** Follow steps i – iii for part b above to add the Application Provisioning Profile

**4-c-ii:** Enter *ai.truu.ma.configuration* as the Preference Domain

**4-c-iii:** To create the PLIST, you will need to convert your "application.config" file to a PLIST by replacing the “CHANGE IT” variables with the the values from your config file

<CodeGroup>
  ```bash bash theme={null}
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  	<key>allowPasswordSync</key>
  	<true/>
  	<key>canUnenroll</key>
  	<true/>
  	<key>enableAdminAccess</key>
  	<true/>
  	<key>domain</key>
  	<string>c2</string>
  	<key>idsDomainLookup</key>
  	<string>https://global-stage.platform.truu.ai/api/v1/public/fqdn/{CHANGE IT}</string>
  	<key>oAuthClientId</key>
  	<string>{CHANGE IT}</string>
  	<key>oAuthClientSecret</key>
  	<string>{CHANGE IT}</string>
  	<key>oAuthScope</key>
  	<string>tenant-management-api-agent</string>
  	<key>ssoRedirectionURLs</key>
  	<array>
  		<string>{CHANGE IT}</string>
  	</array>
  	<key>authPluginSettings</key>
  	<dict>
  		<key>enableLoginWindow</key>
  		<true/>
  	</dict>
  	<key>accountLockOverride</key>
  	<dict>
  		<key>maxFailedLoginAttempts</key>
  		<integer>10</integer>
  		<key>minutesUntilFailedLoginReset</key>
  		<integer>10</integer>
  		<key>shouldLockScreenOnAccountLock</key>
  		<true/>
  	</dict>
  </dict>
  </plist>
  ```
</CodeGroup>

**4-d:** Create Configuration to Enable SSO

**4-d-i:** Scroll to “Single Sign-On Extensions” and click the **+ Add** button

<img src="https://mintcdn.com/truu-2/YlfY4z_3_-uDkBaP/images/docs/636753e-image.png?fit=max&auto=format&n=YlfY4z_3_-uDkBaP&q=85&s=0290336789749d4749f2ab8a480d39ba" alt="" width="1056" height="508" data-path="images/docs/636753e-image.png" />

**4-d-ii:** Enter the following:

* **Payload Type –** *SSO*
* **Extension Identifier –** *com.truu.LoginHost.SSO*
* **Team Identifier –** *VGJPA2G633*
* **Sign-on Type –** *Credential*
* **Realm** – *Company Kerberos Ream* (e.g. \{[domain.com](//domain.com) })
* **Hosts** – *Company resources domains* (e.g. \{[domain.com](//domain.com) })

<img src="https://mintcdn.com/truu-2/YlfY4z_3_-uDkBaP/images/docs/6384e5f-image.png?fit=max&auto=format&n=YlfY4z_3_-uDkBaP&q=85&s=b4f8334ec8fefb0c5c9e4128f0d12e2c" alt="" width="1070" height="516" data-path="images/docs/6384e5f-image.png" />

**4-e:** Apply Scope for Provisioning Profiles (as needed)

<img src="https://mintcdn.com/truu-2/E6hYbyLPrBHWbQ3m/images/docs/c8a5a42-image.png?fit=max&auto=format&n=E6hYbyLPrBHWbQ3m&q=85&s=86561b3d50b1ab10db0937c42e3b2dd0" alt="" width="1056" height="548" data-path="images/docs/c8a5a42-image.png" />

**Step 5:** Configure PreStage Enrollments

**5-a:** Go to "Computers", then select "PreStage Enrollments"

<img src="https://mintcdn.com/truu-2/YlfY4z_3_-uDkBaP/images/docs/66961fc-image.png?fit=max&auto=format&n=YlfY4z_3_-uDkBaP&q=85&s=c9960e0da46415570ca9e183dfd70261" alt="" width="1078" height="496" data-path="images/docs/66961fc-image.png" />

**5-b:** Setup new PreStage Enrollment

**5-c:** General settings (MDM server, Setup Assistant Options, etc.) Note: TruU agent is responsible for local account creation during enrollment process. Account creation from MDM setting should be skipped

<img src="https://mintcdn.com/truu-2/E6hYbyLPrBHWbQ3m/images/docs/bc19867-image.png?fit=max&auto=format&n=E6hYbyLPrBHWbQ3m&q=85&s=9a9f9066f89c9bd6714c231c46f6414a" alt="" width="1050" height="542" data-path="images/docs/bc19867-image.png" />

**5-d:** Select the Configuration Profiles that were created above

<img src="https://mintcdn.com/truu-2/YlfY4z_3_-uDkBaP/images/docs/5b31e6b-image.png?fit=max&auto=format&n=YlfY4z_3_-uDkBaP&q=85&s=bf01f288032a87bcfd02942999432b17" alt="" width="1066" height="550" data-path="images/docs/5b31e6b-image.png" />

**5-e:** Define the Distribution Point for the Enrollment Package

<img src="https://mintcdn.com/truu-2/rjjBxA7Z_Wk_-34G/images/docs/eb40ff2-image.png?fit=max&auto=format&n=rjjBxA7Z_Wk_-34G&q=85&s=7dbe746cf88a762a537b8a520ae3c91d" alt="" width="1062" height="552" data-path="images/docs/eb40ff2-image.png" />

You’re all set! Go back to iOS Apple Configuration Application and start provisioning for new machines

***

[Importing TruU Packages for JAMF Setup](/docs/importing-truu-packages-for-jamf-setup)

[ADE/DEP Intune Setup](/docs/adedep-intune-setup)