Jamf School

Jamf School is a purpose-built mobile device management (MDM) solution for education. Jamf School is a purpose-built mobile device management solution for education that helps in securing and deploying macOS and iOS devices.

This section describes the steps to deploy the Netskope Client app in an iOS device using Jamf School.

To deploy Client using Jamf School:

1. Log into JAMF School.

   

2. Click Profiles to see the configured profiles.

   

3. Click any configured Profile to edit the following details:

   • Certificates

     1. Go to General Payload > Certificates.

     2. Download Root and Intermediate Certificates from your Netskope account and then upload them here.

        

   • Notifications

     This step is optional.

     1. Go to General Payload > Notifications.

     2. Configure this part to prevent the Netskope Client from prompting the user to enable its notifications.

        

   • Restrictions

     This step is optional.

     1. Go to iOS Payload > Restrictions.

     2. Disable Allow creation of VPN configurations in the Connectivity settings.

        

   • VPN

     1. Go to iOS Payload > VPN.

     2. The Netskope Client updates this definition, pre-creating it to prevent prompting the user to add a new VPN configuration.

        Refer to the following table to understand the VPN configuration attributes:

        Attribute Name	Value
        Connection Name	Anything
        Connection Type	Custom SSL
        Identifier	com.netskope.Netskope (case sensitive)
        Provider Type	Packet Tunnel
        Server	gateway-[tenantname].goskope.com
        User Authentication	Password
        Enable VPN on-demand Note: This document goes with the On-demand VPN. You can choose to use Per-App VPN config	enable option
        On demand rules configuration XML	Action Connect InterfaceTypeMatch WiFi Action Connect InterfaceTypeMatch Cellular
        Prohibit users from disabling on-demand VPN settings	enable option

        To add zero-touch configuration, use the Custom Data field in VPN. Adding zero-touch configurations allow automated deployment of the Client thereby removing the user interaction for enrollment. To add zero-touch, use the following Key-Value pair:

        • OrgKey: Use the tenant organizational key

        • AddonHost: Use the addon URL for the tenant: addon-<tenant-URL>

        • UserEmail: Use the variable that contains the user identity for the enrolment. Most likely %Email%

        Do not use Managed Configuration if you are planning to automate the deployment process of the NS Client.

4. Next, click Apps > Inventory.

   

5. Click + Add App to add the Netskope application and select Add iOS App from the dropdown menu.

   

6. Add Netskope Client application.

   

7. Edit the installed application and ensure to select Apply Managed Configuration.

   

8. Go to the Managed Configuration section and provide the configuration details.

   Configuration details:

   <plist version="1.0">
   <dict>
   <key>OrgKey</key>
   <string>xxxxxxxxxxxxxx</string>
   <key>UserEmail</key>
   <string>%Email%</string>
   <key>AddonHost</key>
   <string>addon-<tenant-URL>/string>
   </dict>
   </plist>

   – You must replace OrgKey and Addon Host with tenant values.
   – Ensure that the managed configuration is applied to the user/device before deploying. Failure to do so prevents the Netskope client from downloading its configuration.
   – Zero-touch deployment: Do not use the managed configuration as it conflicts with the VPN profile.