Create an end user-based provisioning workflow for Jamf deployments with a DEPNotify interface.
It has become increasingly important in many organizations to be able to ship a new Mac directly to an employee and have it ready for the user right out of the box.
We take a three-pronged approach to zero-touch provisioning:
- Apple Business/School Manager and Automated Device Enrollment
- Jamf Prestage Enrollments
- DEPNotify
This script controls the workflow from the time the machine is enrolled to the time the user logs in. At that point, DEPNotify launches and guides the new employee through the setup of their machine to company standards.
I want to take a moment to credit Richard Purves (aka “franton”) in the Jamf Nation and MacAdmins communities as the inspiration for much of this script. He had posted a very wonderful script to the #depnotify channel of the MacAdmins Slack server in December of 2018. I may have written this version, but it shares a lot of the same DNA as his initial work.
The philosophy, use cases, and detailed examples are included in a three-part blog series called Creating Magic With Endpoint Provisioning on our website:
- DEPNotify Package. Can be found at https://gitlab.com/Mactroll/DEPNotify/-/releases
- Parameter 4: Base64 encoded string for username/password.
- Label: Base64 encoded string for username/password.
- Type: String
- Instructions: Created in Terminal using "echo -n 'username:password' | base64 | pbcopy"
- Example: YXBpdXNlcm5hbWU6cGFzc3dvcmQK
- Parameter 5: Options to pass to DEPNotify
- Label: Options to pass to DEPNotify
- Type: Options
- Options: -fullscreen | -jamf
- -fullscreen: Makes the DEPNotify window full screen so the user can't interrupt it
- -jamf: Reads the Jamf log and puts it into the status window
- More info: https://gitlab.com/Mactroll/DEPNotify#application-flags
- Parameter 6: Initial title - defaults to "Welcome to your new Mac!" -Label: Initial Title -Type: String -Example: "Welcome to your new Mac!"
- Parameter 7: Full path to logo - must be previously deployed to work -Label: Full path to logo -Type: File Path -Example: "/Library/Application Support/Rocketman/logo.png"
- Parameter 8: Title of window - not normally visible to users
-Label: Title of Window
- -Type: String -Example: "Welcome to your new Mac!"
The "Onboarding with DEPNotify" starter script workflow is meant to work out-of-box without any customization. However, the true power of DEPNotify is in the customization of the the workflow. With DEPNotify, you can:
- Control the provisioning workflow
- Provide instructions for users on components they need to setup
- Wait to continue until certain components are installed
- And anything else you can think of in a bash script!
Because of this, we've created an auxiliary script with examples of different onboarding workflows you can setup within DEPNotify. These workflows are located in the "DEPNotify Examples.sh" script and can be copied into your onboarding.sh script.
Auto Deployment
- Upload the DEPNotify Package found in https://gitlab.com/Mactroll/DEPNotify/-/releases
- Run the Auto Deployment script
- Add the DEPNotify Package to the Onboarding with DEPNotify Policy
Manual
- Add the onboarding.sh script to Jamf Pro with the Parameter Labels above
- Create a Policy deploying onboarding.sh Once Per Computer with the Enrollment trigger with the parameters set above
- Optional: Create an API User with the following permissions and add the API Hash to Parameter 4 -Departments: Read
- Optional: Package and upload a logo and add it the path to the logo to Parameter 7