Enrolling macOS Devices Using a SOTI MobiControl Certificate

Before you begin

If the certificates bound to "Deployment Server Extensions and Web Console" and "macOS Profile Signing" are trusted third-party certificates and the setting "Require Trust Profile During Enrollment" is turned off, follow the instructions of Enrolling macOS Devices Using a Third-Party Certificate.

You must have created an add devices rule that establishes enrollment settings before you can complete this procedure.

Important:

  • Choose the user account that you use to enroll to SOTI MobiControl carefully. Some configuration settings will only apply within the user account that was used for enrollment rather than to the entire device.

  • Enroll your macOS with or without a SOTI MobiControl device agent. A device agent is an application that provides additional device management capabilities. Enrolling without a device agent still provides significant control over your devices.

About this task

To enroll your macOS devices:

Procedure

  1. If using a device agent, ensure the SOTI MobiControl App for macOS Devices application catalog rule is enabled and targets the device groups you're enrolling your devices into.
  2. On the Apple tab, select the Rules tab.
  3. Select the add devices rule that you want to use to enroll macOS devices.
    The details of the add devices rule will appear in the Information pane. Make a note of the Enrollment URL.
  4. On the macOS device, copy the Enrollment URL into the address bar of the device's browser.
    You may receive a warning stating that the browser cannot verify the server identity. Click Continue to ignore it and proceed to the macOS Enrollment Service web page.

    If using a device agent, the device agent will automatically download and install itself on the device.

  5. Follow the instructions of either the Device Agent Setup Assistant (if enrolling with a device agent) or the Enrollment Service Web Page (if enrolling agentlessly).
  6. If the add devices rule was configured with LDAP, enter the applicable credentials into the device.
  7. Click Step 1 to begin downloading the SOTI MobiControl Trust Profile.
    This profile installs the SOTI MobiControl Root CA certificate on your macOS device. It is required to verify the SOTI MobiControl Management Profile.
    The macOS Profile Manager application will open to continue the installation of the SOTI MobiControl Trust and Management profiles.
  8. Click Install to initiate the download. Once the Trust Profile has finished downloading, click Install again to install the Trust Profile and continue with the enrollment process.
  9. Click Step 2 to download the SOTI MobiControl Management Profile. Click Allow and then Install and then Install again to install the SOTI MobiControl management profile.
    When you click Install, you will receive a warning message with a brief description of the purpose of the SOTI MobiControl Management Profile. Click Trust to continue.
  10. The installation process of the SOTI MobiControl Management Profile includes several steps that require user interaction, such as entering administrator credentials. Once the profile has finished installing on your device, click Done.

Results

Your device is now enrolled in SOTI MobiControl and can communicate with the SOTI MobiControl deployment server.