How to Deploy Unattended Enrollment on an Apple Device Using Jamf
This article describes how to deploy unattended enrollment for the Barracuda SecureEdge Agent on Apple devices using Jamf. Jamf (commonly referred to as Jamf Pro) is a software platform for managing and securing Apple devices in organizations, including Macs, iPhones, and iPads (and other Apple endpoints).
Before You Begin
Ensure you have the following:
Admin access to your Jamf instance
A Barracuda SecureEdge tenant with enrollment configured
The SecureEdge Agent available in the Apple App Store
Step 1: Create an Enrollment Token
In the Barracuda SecureEdge portal, create a group-based enrollment link.
Specify the maximum number of users who can enroll with the link.
Copy the enrollment token. You will need it in the next step.
Step 2: Deploy Configuration and VPN Profiles
Configuration Profile
In Jamf, add a configuration profile using the enrollment token:
TENANT_TOKEN – Paste the enrollment token copied in Step 1.
USER_IDENTITY – Set the identity field as required for your environment.
VPN Profile
Create a VPN configuration profile so the OS can automatically accept it: Computer > Custom Profiles > VPN.
Field | Value |
|---|---|
Connection Type | Custom SSL |
Identifier | |
Server | |
Provider Bundle Identifier | |
Step 3: Deploy the macOS App
In Jamf, go to Computer > Mac Apps.
Add and deploy the SecureEdge Agent from the Apple App Store.
Note: It may take several hours for the app to be picked up, depending on the Apple App Store.
Step 4 (Optional): Deploy Auto-Launch Using a plist
Run this step only after the SecureEdge Access Agent has been downloaded and installed on the machine. The plist runs at load and works only if the required binary is already present.
You can manually click the application to trigger auto-enrollment, or you can deploy a plist to automate the launch.
Preference Domain: com.barracuda.gaurdian.macos
Option A - The .plist file for macOS Without the Tamperproof Protection
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.barracuda.secureedge</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>--wait-apps</string>
<string>/Applications/SecureEdge.app</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Option B - The .plist file for macOS Using the Tamperproof Protection
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.barracuda.secureedge</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>--wait-apps</string>
<string>/Applications/SecureEdge.app</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Deploy the appropriate plist via Jamf based on whether Tamperproof protection is required in your environment.
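A pre-deployment check for the Step 4 plists, added here as an example (not Barracuda's or Jamf's code): it confirms the file parses as a complete plist, carries the keys shown above, and that the app bundle it opens is already installed. The function name `check_launch_agent` and its `app_exists` parameter are assumptions made for this sketch, and the sample input is constructed from Option B.

```python
import os
import plistlib
from xml.parsers.expat import ExpatError

# Constructed sample: the page's Option B plist, with the closing </plist> tag.
OPTION_B = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key><true/>
<key>Label</key><string>com.barracuda.secureedge</string>
<key>LimitLoadToSessionType</key><string>Aqua</string>
<key>ProgramArguments</key>
<array><string>open</string><string>--wait-apps</string>
<string>/Applications/SecureEdge.app</string></array>
<key>RunAtLoad</key><true/>
</dict>
</plist>
"""

def check_launch_agent(data, app_exists=os.path.isdir):
    """Return (variant, problems); variant is "A", "B", or None if unparseable."""
    try:
        job = plistlib.loads(data, fmt=plistlib.FMT_XML)
    except (ExpatError, ValueError) as exc:  # truncated or malformed XML
        return None, [f"not a well-formed plist: {exc}"]
    if not isinstance(job, dict):
        return None, ["top-level object is not a dict"]
    problems = []
    if job.get("Label") != "com.barracuda.secureedge":
        problems.append("Label differs from the page's com.barracuda.secureedge")
    if job.get("RunAtLoad") is not True:
        problems.append("RunAtLoad is not true, so the agent will not auto-launch")
    if job.get("LimitLoadToSessionType") != "Aqua":
        problems.append("job is not limited to the Aqua (GUI login) session")
    args = job.get("ProgramArguments")
    if not (isinstance(args, list) and args and all(isinstance(a, str) for a in args)):
        problems.append("ProgramArguments must be a non-empty list of strings")
    else:
        apps = [a for a in args if a.endswith(".app")]
        if not apps:
            problems.append("ProgramArguments names no .app bundle to open")
        # The job only works once the app bundle is installed on the machine.
        problems += [f"{a} is not installed yet" for a in apps if not app_exists(a)]
    # Option B on the page differs from Option A only by KeepAlive = true.
    variant = "B" if job.get("KeepAlive") is True else "A"
    return variant, problems

if __name__ == "__main__":
    print(check_launch_agent(OPTION_B))
```

Run it against the plist you intend to upload; a non-empty problem list on a target Mac usually means the App Store install from Step 3 has not finished yet.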