Jamf Client Onboarding with Scripts

The Mac EPM Core group has developed a script to simplify enrolling a computer in the campus Jamf instance, which does not require the user to go to a web page, or log in. They will have to enter their Mac username & password to approve the MDM profile.

Prerequisite: you must create an enrollment invitation in your site with the following parameters

• Do not require login
• Allow multiple uses

First copy the script onto the target computer, then run it as an admin user 

Script: utexas-jamf-enroll

 
Syntax: 

  sudo sh utexas-jamf-enroll inviteid [usereid] [daemon] [repeatminutes]

examples:

sudo sh utexas-jamf-enroll xxxxxxxxxxxxxx ah74
sudo sh utexas-jamf-enroll xxxxxxxxxxxxxx ah74 daemon 20

 
The inviteid is the number found in the Enrollment Invitation in Jamf (or the last part of the link that is emailed).
The username should be an EID, and does NOT have to be same as the logged-in user - it's used to assign the computer in Jamf.
 
When it runs, the user logged into the console will get prompted with this:
 

 
 
And then System Preferences - Profiles opens.  The script grants the user admin rights for up to 2 minutes after they click Continue while it waits for the user to approve the MDM profile.
 
Once the profile and Jamf are installed, the admin rights are removed immediately.
 

LAUNCHDAEMON

You can also run it as a launchdaemon, where it will repeatedly pop up the message every N minutes (default 30) until they approve the profile (then the launchdaemon is removed).  
Run it by adding the 'daemon' and the minutes to repeat the prompt:
sudo sh utexas-jamf-enroll inviteid usereid daemon 20