We use Jamf to deploy the NS Client to our Mac fleet. After enabling the new secure enrollment features (Settings > Security Cloud Platform > MDM Distribution > Secure Enrollment) and generating the access tokens, it appears we add them to our existing Jamf deployment policy. If I am reading the directions right, the tokens must be renewed, and the Jamf policy updated, every 90 days by default. Is that correct?
That is correct - if you use IdP mode, you don’t need to use secure enrollment.
If you are using the email-invite or IdP enrollment method for your NS Clients, you still need to use Secure Enrollment. However, with those deployment methods, you do not need to pass the authentication token to the endpoints; you can simply enable the token and then leave it.
If you are using UPN-based or plist-based enrollment, then the authentication token needs to be added to the existing deployment policy/scripts/commands (in this case, Jamf). This token should then be pushed out to all of your endpoints, especially those which will expect new user enrollments.
The token can be extended for 7 - 365 days. There is no limit on the number of times you can extend the expiration of the token.
I hope this helps. Feel free to reply back or email us at psirt@netskope.com with any additional questions, comments, or concerns.