This is episode seven in our series on setting up and managing devices using Server’s Profile Manager service. If you’re just tuning in now, you’ll want to look at:
- A Primer in Profile Manager
- The Setup
- The Server App
- Manage Your Server Remotely
- Set Up Open Directory
- Turn on Profile Manager
At the end of the previous tutorial we took a quick look around Profile Manager. I pointed out that, unless you were bound to an existing directory service or you had pre-existing user accounts created in your local directory database (other than your administrative user), there were no other user accounts available for user with Profile Manager. We’re about to remedy that.
There are a couple of ways to add new users to your Open Directory database, including importing users from a properly formatted text file. While importing users is quicker, we’re going to add a few users manually, as creating a properly formatted import file would take too long.
If you want to add users by importing them, I recommend you get a copy of MacInMind’s Passenger app, which makes quick work of taking a delimited text file full of users and uploading them to your Open Directory database.
We’re going to create five new user accounts using the Server app on your administrative computer:
- Open the Server app on your administrative computer.
- Select Users under the Accounts section of the sidebar.
- Click the + button appearing at the bottom of the Users window.
- From the Directory menu select Local Network Directory.
- Enter a name in the Full Name field.
- Leave the Account Name field unchanged.
- Add an email address, although this isn’t required.
- Enter a password in the Password and Verify fields.
- Select Local Only in the Home Folder field.
- Enter a keyword in the Keywords field, if you like.
- You may also select a user’s account picture, if you want.
When you’ve completed the steps above you should see something that looks similar to the screenshot below.
If everything looks correct, click the create button to create the new user account.
The first time you create an account you may be asked to authenticate as the Directory Administrator.
If you see this authentication sheet, enter your Directory Administrator’s user id and password.
Repeat this process, creating four more users. When you’re done, choose All Users from the menu appearing in the Users. What you see should look something like this:
Verify that users can log in
Now that we’ve created user accounts, let’s see if they can log in to Profile Manager’s My Device’s user portal.
- Open a web browser and type:
yourserver.yourdomain.com/mydevicesand press the return key.
- Trust your server’s SSL certificate if you’re asked to do so.
- Enter the account name and password for one of the users you’ve just created and log in.
If everything is working properly, your newly created user should be able to log in, but take note that your user still can’t enroll a device. We’re just about to remedy that.
- Click the Logout button.
- In your browser’s address field type:
yourserver.yourdomain.com/profilemanagerand press the return key.
- Enter the account name and password you just used to log in to the My Devices user portal.
Note that, unless the user account you used was created as an administrator, the user cannot log in.
- Log in as an administrative user.
- Select Users from the Library sidebar in Profile Manager.
You should now see all the users you just created, including any local users created on your server, in Profile Manager.
Note: Take a closer look at the Library sidebar in Profile Manager. While there are users, there still isn’t an option for managing devices. In order to manage devices we need to enable Profile Manager’s device management features.
Enable device management
Don’t log out of Profile Manager. Instead, minimize the Profile Manager Web page and open the Server app. If you need to, select your server from the list of available servers, click Continue and log in.
With the Server app open:
- Select Profile Manager under the Services section in the app’s sidebar.
- Note that it says Disabled in the Device Management section of Profile Manager. Click the Configure button.
- The Server app will now check to see if Open Directory is enabled. When the check is complete, click the Next button.
- Enter your organization information.
- At the screen titled, “Configure an SSL Certificate,” select your Self-signed certificate and click Next.
Note: At this point we are going to create a link between your server and Apple’s Push Notification Service. This requires that you enter a Verified Apple ID, which you can create and manage at Apple’s Apple ID website. For the purposes of these exercises you can you any existing Apple ID you have, but for any business or educational environment you should consider creating an Apple ID that is used only for business purposes and use that to sign in.
- Enter your Apple ID and password and click the Next button.
- Click the Finish button once the app completes the process of acquiring a Push Notification certificate.
Note that the Device Management section of Profile Manager now says Enabled. You should also receive an email from Apple letting you know that several services hosted by your server have been associated with Apple’s Push Notification Services.
Re-open and refresh the browser page where you’re logged in to Profile Manager. Note that now the sidebar has added Devices and Device Groups to the Library and a new section titled Activity, containing two items, Active Tasks and Completed Tasks, has appeared.
You’re now able to begin managing devices, which we’ll start doing in the next episode.