Skip to main content
Cisco Meraki Documentation

Apple User Enrollment Onboarding Guide

  1. Last updated
  2. Save as PDF

Apple User Enrollment is a method of iOS and macOS enrollment aimed at allowing organizations to securely deliver business content to end users’ devices while protecting end users’ privacy and data.  Follow the steps below to enroll or unenroll devices from Apple User Enrollment using Meraki Systems Manager.

 

For more information about configuring Apple User Enrollment in Meraki Systems Manager, check out the User Enrollment Deployment Guide in Meraki Documentation.

To enroll an Apple iPhone, iPad, or Mac in Apple User Enrollment, follow these steps: 

 

  1. On the target device, open Safari.  Go to the User Enrollment URL found under the User Enrollment settings in Systems Manager > Configure > General

     

  2. Login using a valid Systems Manager owner’s credentials. You will be prompted to download the configuration profile after successfully authenticating.
     
     

  3. Based on the device type, follow the steps below.

Note: User Enrollment can only be initiated using the web enrollment link published in Dashboard. It cannot be initiated using the Systems Manager App which is available in the Apple App Store for standard device enrollment.

iOS/iPadOS Enrollment

  1. Tap on Allow  to download the configuration profile, then tap Close to close the info prompt



     

  2. Depending on device model, return to the device's home screen by clicking on the Home button or swipe up from the bottom of the screen. Tap on the Settings icon on the homescreen

     

  3. In Settings, tap on the Enroll in…  option in the left menu pane

     

  4. Tap on Enroll My iPad.  If the device has a passcode, enter the passcode on the following screen


     

  5. At the prompt, enter the password for the Managed Apple ID.  You may be prompted to enter 2-factor authentication credentials if it is enabled in Apple Business Manager. 

  6. The device is now enrolled.  The management profile should display the appropriate Apple ID.

 

  1. If using Safari, click Allow to allow the device to download the enrollment configuration from Systems Manager
    clipboard_ef5802e3ef9c7a1dd59c9c8a11916aaf7.png
     
  2. After the configuration profile is downloaded, it should automatically open the Profiles settings and prompt the device to enroll.  Click Enroll
    (If the Profiles settings menu does not automatically open, double-click on the downloaded meraki_sm_mdm.mobileconfig file in the Downloads folder or an alternative download location) 
    clipboard_e560ce066027dcb25010d05b7b080c904.png
     
  3. If the local user account has a password, enter the password at the prompt
    clipboard_e3abb0ab6ca73d8196446731d7608b0b1.png
     
  4. At the prompt, enter the password for the Managed Apple ID.  You may be prompted to enter  or create 2-factor authentication credentials if it is enabled in Apple Business Manager. 
    clipboard_e6e9dc32483f334ce06043879f5471d64.png
     
  5. The device is now enrolled.  The management profile should display the appropriate Apple ID in the "Mobile Device Management" section of the profile.
    clipboard_e571399dffdeef18e99b1a657405df36a.png

Unenrolling from User Enrollment

Unenrollment from Apple User Enrollment can be triggered by end users locally on the device or remotely by an administrator from the Meraki Dashboard. To maintain privacy, device records are automatically deleted from Systems Manager when a device is unenrolled. 

Removal of Management by End Users

In Apple User Enrollment the end user is always in control of when they would like to leave management. End users can remove themselves at anytime directly on the device. Once management is removed, the device's Managed Apple ID and all content installed via Systems Manager will be securely removed. The end user's device will be back to its original state and the personal Apple ID and content will be untouched. 

 

On macOS, go to System Preferences > Profiles. With the Meraki Management profile selected, click on the "-" button in the lower left of the window to remove management. 

clipboard_eece036ecc84cedbf6522fd98a4dc1517.png


In iOS, go to Settings > General > Profiles & Device Management.  Tap on the "Meraki Management" profile, then tap on Remove Management.

 

unenroll.jpeg

 

Removal of Management from Dashboard

Meraki Dashboard administrators can also remotely remove Meraki Management from devices they no longer wish to manage by sending the Unenroll device command inside of the MDM commands on the device's details page in Dashboard. 

 

Screen Shot 2020-03-30 at 4.08.06 PM.png