Jamf School
Jamf School
Jamf School is a purpose-built mobile device management (MDM) solution for education. Jamf School is a purpose-built mobile device management solution for education that helps in securing and deploying macOS and iOS devices.
This section describes the steps to deploy the Netskope Client app in an iOS device using Jamf School.
To deploy Client using Jamf School:
-
Log into JAMF School.
-
Click Profiles to see the configured profiles.
-
Click any configured Profile to edit the following details:
-
Certificates
-
Go to General Payload > Certificates.
-
Download Root and Intermediate Certificates from your Netskope account and then upload them here.
-
-
Notifications
This step is optional.-
Go to General Payload > Notifications.
-
Configure this part to prevent the Netskope Client from prompting the user to enable its notifications.
-
-
Restrictions
This step is optional.-
Go to iOS Payload > Restrictions.
-
Disable Allow creation of VPN configurations in the Connectivity settings.
-
-
VPN
-
Go to iOS Payload > VPN.
-
The Netskope Client updates this definition, pre-creating it to prevent prompting the user to add a new VPN configuration.
Refer to the following table to understand the VPN configuration attributes:
Attribute Name Value Connection Name Anything Connection Type Custom SSL Identifier com.netskope.Netskope (case sensitive) Provider Type Packet Tunnel Server gateway-[tenantname].goskope.com User Authentication Password Enable VPN on-demand
Note: This document goes with the On-demand VPN. You can choose to use Per-App VPN configenable option On demand rules configuration XML
Action
Connect
InterfaceTypeMatch
WiFi
Action
Connect
InterfaceTypeMatch
Cellular
Prohibit users from disabling on-demand VPN settings enable option To add zero-touch configuration, use the Custom Data field in VPN. Adding zero-touch configurations allow automated deployment of the Client thereby removing the user interaction for enrollment. To add zero-touch, use the following Key-Value pair:
-
OrgKey: Use the tenant organizational key
-
AddonHost: Use the addon URL for the tenant: addon-<tenant-URL>
-
UserEmail: Use the variable that contains the user identity for the enrolment. Most likely %Email%
Do not use Managed Configuration if you are planning to automate the deployment process of the NS Client. -
-
-
-
Next, click Apps > Inventory.
-
Click + Add App to add the Netskope application and select Add iOS App from the dropdown menu.
-
Add Netskope Client application.
-
Edit the installed application and ensure to select Apply Managed Configuration.
-
Go to the Managed Configuration section and provide the configuration details.
Configuration details:
<plist version="1.0"> <dict> <key>OrgKey</key> <string>xxxxxxxxxxxxxx</string> <key>UserEmail</key> <string>%Email%</string> <key>AddonHost</key> <string>addon-<tenant-URL>/string> </dict> </plist>
– You must replace OrgKey and Addon Host with tenant values.
– Ensure that the managed configuration is applied to the user/device before deploying. Failure to do so prevents the Netskope client from downloading its configuration.
– Zero-touch deployment: Do not use the managed configuration as it conflicts with the VPN profile.