Jamf Pro
Jamf Pro is an enterprise mobility management tool used to enroll and manage devices such as iOS and iPad devices. This document describes the steps to deploy the Netskope Client app on endpoint devices using Jamf Pro.
To deploy the client using Jamf Pro:
- Log into Jamf Pro.
- Click Devices.
- On the left pane, click Configuration Profiles.
- Click New > Options and provide the details to create a new profile.
- Click VPN under the Options displayed on the left pane.
- Click Configure.
- Provide the following details to configure VPN:
  - Enter the connection name. For example, Netskope VPN.
  - From the options displayed in the VPN Type dropdown, select VPN.
  - From the options displayed under Connection Type, select Custom SSL.
  - Enter com.netskope.Netskope in the Identifier field.
    The second Netskope in com.netskope.Netskope is case-sensitive and ‘N’ must be in uppercase.
  - Enter gateway-<tenant-URL> in the Server field.
    Replace <tenant-name> in the tenant URL with your tenant name.
  - To enable zero-touch deployment, provide the following key-value pairs in Custom Data:
    - OrgKey: <Your organization ID in the tenant>
    - AddonHost: addon-<tenant-URL>
    - UserEmail: <Your email address>
  - Click the checkbox to select the option Enable VPN On Demand.
  - Provide On Demand Rules Configuration XML.
      <array>
          <dict>
              <key>Action</key>
              <string>Connect</string>
              <key>InterfaceTypeMatch</key>
              <string>WiFi</string>
          </dict>
          <dict>
              <key>Action</key>
              <string>Connect</string>
              <key>InterfaceTypeMatch</key>
              <string>Cellular</string>
          </dict>
      </array>
    Disabling VPN in iOS settings terminates the extension (this is iOS design), but it is reactivated by iOS automatically on network activity if OnDemandRules are configured.
  - Click the checkbox to select the option Prohibit users from disabling on-demand VPN settings.
- Click Certificate under the Options displayed on the left pane.
- Click Configure.
- Provide the following details to configure certificates:
  Go to your Netskope account to download root and intermediate certificates.
  a. Enter the name in Certificate Name. For easy reference, you can enter names according to the certificate that you want to upload. For example, ‘Netskope root certificate’ as the certificate name for uploading the root certificate.
  b. Click Select > Upload.
  c. Click Upload Certificate > Choose File to select and upload the certificates to Jamf. You can upload the root certificate first and then click the + icon to upload the intermediate certificate and repeat steps b and c.
     To convert your .pem files to .cer files using openssl, use the following commands in your terminal:
       openssl x509 -outform der -in rootcacert.pem -out rootcacert.der
       openssl x509 -outform der -in cacert.pem -out cacert.der
- Click Save to save the configuration profile.
- Click Scope.
- Click Edit at the bottom right corner of the UI.
- Click Targets and select a specific user (or a specific device).
- Click Save.
- Go to Devices > Content Management > Mobile Device Apps.
- Click New to create a new app.
- Choose one of the following App Type options:
  - App store app or apps purchased in volume.
  - In-house app
  This document goes with the option “App store app or apps purchased in volume”.
- Click Next.
- In the Search or Upload section, search for Netskope Client app and select the app store country origin.
- Click Next.
- In the Add App section, click Add to select Netskope Client app.
- The New Mobile Device App screen opens.
- Under the General tab, enter the Display Name.
- Select iOS as the category to add the app to.
- Click the Scope tab in Mobile Device Apps.
- Click Targets and select a specific user (or a specific device).
- Click the App Configuration tab under Mobile Device Apps and provide the configuration details. For example:
    <plist version="1.0">
    <dict>
        <key>OrgKey</key>
        <string>xxxxxxxxxxxxxx</string>
        <key>UserEmail</key>
        <string>$EMAIL</string>
        <key>AddonHost</key>
        <string>addon-<tenant-URL></string>
        <key>EnrollAuthToken</key>
        <string>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</string>
        <key>EnrollEncryptionToken</key>
        <string>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</string>
    </dict>
    </plist>
  – To get the OrgKey, log into the Netskope tenant and go to Settings > Security Cloud Platform > Netskope Client > MDM Distribution. Under Deployment Resources for iOS, copy the Organization ID from Create VPN Configuration.
  – Ensure that you provide the same email address as added in your tenant.
  – Use variables like “<string>$EMAIL</string>” in the email string.
- Click Save to save the new Mobile Device App.
- The Mobile Device App screen displays the newly added app.
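
A pre-flight check for the App Configuration plist from the step above, as an added example that is not part of the original page or of Netskope or Jamf tooling. The function name, the sample values, and the choice to treat OrgKey, UserEmail and AddonHost as mandatory while checking the two token keys only when present are assumptions.

```python
import plistlib
import re

REQUIRED = ("OrgKey", "UserEmail", "AddonHost")          # assumed mandatory
OPTIONAL = ("EnrollAuthToken", "EnrollEncryptionToken")  # checked if present

# Constructed sample values, not real tenant data.
SAMPLE_OK = """<plist version="1.0"><dict>
<key>OrgKey</key><string>EXAMPLEORGKEY123</string>
<key>UserEmail</key><string>$EMAIL</string>
<key>AddonHost</key><string>addon-tenant.example.com</string>
</dict></plist>"""

def lint_app_config(text):
    """Return a list of problems in a pasted App Configuration plist."""
    problems = []
    # Curly quotes copied from a web page or document break XML attributes.
    if re.search("[\u201c\u201d\u2018\u2019]", text):
        problems.append("curly quotes in XML; use straight quotes")
    # Documentation placeholders such as <tenant-URL> left in place.
    for ph in sorted(set(re.findall(r"<tenant-[^<>]*>", text))):
        problems.append(f"unfilled placeholder {ph}")
    if problems:
        return problems  # the XML cannot parse until these are fixed
    try:
        cfg = plistlib.loads(text.strip().encode(), fmt=plistlib.FMT_XML)
    except Exception as exc:  # expat and plistlib raise different types
        return [f"not a valid XML plist: {exc}"]
    if not isinstance(cfg, dict):
        return ["top-level element must be a <dict>"]
    for key in REQUIRED + OPTIONAL:
        value = cfg.get(key)
        if value is None and key in OPTIONAL:
            continue
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key} missing or empty")
        elif re.fullmatch(r"x+", value, re.IGNORECASE):
            problems.append(f"{key} still holds the sample value")
    host = cfg.get("AddonHost")
    if isinstance(host, str) and not host.startswith("addon-"):
        problems.append("AddonHost should start with 'addon-'")
    email = cfg.get("UserEmail")
    if isinstance(email, str) and not (email.startswith("$") or "@" in email):
        problems.append("UserEmail is neither a variable nor an address")
    return problems

if __name__ == "__main__":
    print(lint_app_config(SAMPLE_OK) or "no problems found")
```

Run it on the XML before pasting into the App Configuration tab; an empty list means none of these checks failed.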