Online Open Directory services? Can we install profiles before setting up Macs?
https://apple.stackexchange.com/questions/352403
-
29-04-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
So we're setting up a subsidiary company in another country, and we will be needing a bunch of Mac Minis that some part-time (hourly) employees will use. The employees will be rotating between the Macs, but do need the ability to create their own bookmarks etc in the browser. Our main employee under this subsidiary is capable of setting up the Macs, but ideally this should only be a few steps when he receives a new Mini.
So we will need:
- Something like an Open Directory Server for the users (is there anything online that we can use?)
- Some easy way to have these Macs connect to this Open Directory Server (ideally) without any need to create local accounts
So what would the best approach here be? And are there any cheap and reliable Open Directory Servers online that we could use for this? I looked a bit into jamf, but that seems to be more MDM, and I'm not even sure they offer OD or AD.
Can I use Apple Configurator perhaps to create profiles? Can I load these into the Macs before the default setup screen?
EDIT: Looking more into jamf, it seems like a nice way of managing these Macs.
Solution
At long last, yes you can set up management for zero touch deployment through a couple avenues.
- Use an Apple Service called Device Enrollment Program which is now part of the Apple Business Manager service / web app. https://business.apple.com
- Use a product to leverage the login process and install a tool like Jamf Connect which lets you run scripts and check in with a directory before any user logs in. https://www.jamf.com/products/jamf-connect/
You can even combine both so that when you purchase a Mac and ship it, it will be enrolled in the management framework, have certificates and helper scripts loaded so that you can leverage cloud identity providers like Okta or Azure AD or roll your own LDAP/OD as the Jamf Connect is based on an open source NoMad project which was acquired and now is enhanced and has become Jamf Connect.
The implementation of this is quite broad, but there are professional resources and communities to help. I would start with JAMF pre-sales support and consider joining the Mac Administrators Slack if you want guidance and mentoring more than a Q&A site like this (and I would recommend both, tbh)
