Entrust PKI as a Service

Configuring Jamf in PKIaaS

Configure a PKIaaS workflow to process MDM (Mobile Device Management) Jamf enrollment requests with PKIaaS Certification Authorities.

To configure an MDM Jamf workflow in PKIaaS:

  1. Follow the steps described in Accessing your partitions to log into the PKIaaS interface as a user with any of the following roles:

  2. Click Enrollment Protocols in the sidebar.

  3. Click the plus + icon to the right of the Protocol Configurations tab.

  4. Configure the following values in the Create Protocol Config dialog.

    | Field | Value |
    | --- | --- |
    | Type | Select MDM Jamf |
    | Protocol Configuration Identifier | Enter a unique identifier for the new configuration in your PKI. This identifier must be 2-18 characters long and can only include lowercase letters, numbers, hyphens ('-'), and underscores ('_'). |
    | Description | Enter an optional description of the protocol purpose. |
    | CA Identifier | Select an issuing subordinate authority with profiles of the mdmws group. |

  5. Click Create.

  6. In the confirmation window, select the Digital IDs tab.

  7. Click the plus + icon to the right of Digital IDs.

  8. Configure the following values in the Digital identifier dialog.

    | Field | Value |
    | --- | --- |
    | Digital ID | Enter a unique name for the new digital identifier. |
    | Parent DN | Enter the parent Distinguished Name (DN) for building the RDN of a certificate. This value is appended to the end of the Subject DN after the RDN Format variables have been processed. |
    | RDN Format | Enter the Relative Distinguished Name (RDN) format to build certificate Subject Names. See Jamf RDN Format for considerations on this value. |
    | CA Identifier | Select an issuing subordinate authority with profiles of the mdmws group. |
    | Profile ID | Select the mdmws profile to process the enrollment requests. |

  9. Click Create.

  10. Copy the URLs under the MDM Web Service URL and SCEP URL fields of the confirmation dialog.

  11. In the navigation tree, select the name of the new protocol configuration.

  12. Select the Credentials tab.

  13. Click CREATE.

  14. In the Create MDM Credentials dialog, enter a username that is 2-18 characters long and only includes lowercase letters, numbers, hyphens ('-'), and underscores ('_').

  15. Click Create.

  16. Copy the Password value displayed in the confirmation dialog.


    ⚠ As stated in the confirmation dialog, Entrust PKIaaS will not display the credential password again after you leave this page.