The Mac EPM Core group has developed a script to simplify enrolling a computer in the campus Jamf instance, which does not require the user to go to a web page, or log in. They will have to enter their Mac username & password to approve the MDM profile.
Prerequisite: you must create an enrollment invitation in your site with the following parameters
Do not require login
Allow multiple uses
First copy the script onto the target computer, then run it as an admin user
The inviteid is the number found in the Enrollment Invitation in Jamf (or the last part of the link that is emailed). The username should be an EID, and does NOT have to be same as the logged-in user - it's used to assign the computer in Jamf. When it runs, the user logged into the console will get prompted with this: And then System Preferences - Profiles opens. The script grants the user admin rights for up to 2 minutes after they click Continue while it waits for the user to approve the MDM profile. Once the profile and Jamf are installed, the admin rights are removed immediately.
LAUNCHDAEMON
You can also run it as a launchdaemon, where it will repeatedly pop up the message every N minutes (default 30) until they approve the profile (then the launchdaemon is removed). Run it by adding the 'daemon' and the minutes to repeat the prompt: sudosh utexas-jamf-enroll inviteid usereid daemon 20
EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.