- 06 Sep 2024
- 3 Minutes to read
- Print
- PDF
Primary and Auto Admin account creation during ADE Setup on macOS
- Updated on 06 Sep 2024
- 3 Minutes to read
- Print
- PDF
With Pre-stage setup, ADE - Automated Device Enrollment (formerly DEP) on macOS devices can be simplified for end users and also allow IT admins to configure user and admin accounts directly out of the box. Some of the key benefits of this feature can be enumerated as:
- Configure primary account details that need to be created during the setup process or even choose to completely skip creating a primary account.
- Configure type of Primary account (Standard or Admin)
- Choose to auto-create an Admin account during the enrollment process.
- Choose to hide the auto created admin account and configure this as the managed/enrolled user instead of the primary account that is created.
The article below explains how macOS Pre stage configurations can be implemented via Scalefusion Dashboard and the user experience on devices.
Pre-Requisites
- A valid Scalefusion Dashboard account.
- A Mac device that is purchased under ADE program.
- ADE/DEP Setup should be done on Scalefusion Dashboard.
Steps
- Login to Scalefusion Dashboard.
- Navigate to Getting Started > Apple Setup > ADE/DEP.
- Click on Configure Device Setup Settings
- Scroll down and navigate to macOS Pre-stage Setup. It has two sections, viz. Primary Account and Admin Account
Primary Account creation
For Primary Account Creation, select one from the following options:
- Do Not Create Primary Account: If this is selected, no primary account will get created automatically.
- Create Primary Account: Provide the details to create primary account:
- Primary Account Type: Configure the account type of the created user by selecting one option from the drop-down:
- Admin
- Standard
- Configure Default Account Details: The primary account on the device will be created with the details you provide here:
- Account Full Name
- Account Username
Note: Spaces are not allowed in username and allowed special characters are dot(.), underscore(_) and hypen(-)Password needs to be set by the user at the time of setup
- Allow user to modify these values: If enabled, users can modify the account details from the device
- Prefill using the username of the user enrolling the device: This setting is applicable in case of User Authenticated enrollment. If enabled, the primary account details will be of the user who is enrolling the device instead of default account details (Account Full Name and Account Username) provided here.
- Primary Account Type: Configure the account type of the created user by selecting one option from the drop-down:
Admin Account creation
- Auto create Admin account: Enable this and provide following details to automatically create an admin account at the time of device setup:This setting is enforced, that is, it is mandatory to auto create admin account if,
- You have chosen Do not create Primary account, Or
- In Default account details, Primary Account Type is selected as Standard
- Account Full Name
- Account Username
- Password: The configured password will be visible in the User Account Managementsection on the Device Details page. Select one of the options from below:
- Automatically generate a unique password per device
- Configure a static password: Enter a password for logging in with admin account.Password should be 8 characters or more and should adhere to Organization's password policy
- Mark as Hidden Account: With this enabled, the admin account will be created but won't be visible on the device.
- Mark this Admin account as Managed User: Configures and marks the auto-created admin account as Managed/Enrolled User instead of the primary account that is created.
Important Points to Note
- You can have a Primary account as admin type and also have an auto created admin account at the same time.
- In User Account Management section, the auto created admins will reflect as ADE Admin under Account Type. This account cannot be changed to a standard user or deleted.
- Custom Properties ($device. or $user.) are also supported while providing account full name and account username for primary as well as admin account.
- Managed user will not get created if you have chosen not to create a primary account and have also disabled the setting Mark this Admin account as Managed User under Auto-create admin account settings.
How it Works on Device
The prestage settings configured become applicable while setting up a macOS device after unboxing or hard reset, once you are on Remote Management screen. This is explained with the help of few cases
Primary account creation
For example, you have configured the following settings on Dashboard:
- Create Primary account as Standard user type
- Auto-create admin account
On device,
- The primary account details (as set on Dashboard) will be prefilled on device during setup.Password needs to be set by the user at the time of setup
- The admin account will be automatically created.
- After completion of setup, notice the primary account and admin account will reflect under Users & Groups section on device.
Primary Account creation where user cannot modify details
Settings on Dashboard
- Create Primary account as Standard user type
- The setting Allow user to modify these values is disabled
On device,
- The primary account details (as set on Dashboard) will be prefilled on device during setup and will not be editable by the end user.
Admin account creation
- Enabled auto create admin account.
On device,
- The admin account will be created and displayed during setup.
- On completion of setup process, notice that the account will be displayed in Users & Groups section on the device.