Jamf School
Jamf School is a purpose-built mobile device management (MDM) solution for education. Jamf School is a purpose-built mobile device management solution for education that helps in securing and deploying macOS and iOS devices.
This section describes the steps to deploy the Netskope Client app in an iOS device using Jamf School.
To deploy Client using Jamf School:
Log into Jamf School.
Click Profiles to see the configured profiles.
Click any configured Profile to edit the following details:
Certificates
Go to General Payload > Certificates.
Download Root and Intermediate Certificates from your Netskope account and then upload them here.
Notifications
Go to General Payload > Notifications.
Configure this part to prevent the Netskope Client from prompting the user to enable its notifications.
Restrictions
Go to iOS Payload > Restrictions.
Disable Allow creation of VPN configurations in the Connectivity settings.
VPN
Go to iOS Payload > VPN.
The Netskope Client updates this definition, precreating it to prevent prompting the user to add a new VPN configuration.
Provide the following details:
Connection Name: Anything
Connection Type: Custom SSL
Identifier: com.netskope.Netskope (case sensitive)
Provider Type: Packet Tunnel
Server: gateway-[tenantname][.eu].goskope.com
User Authentication: Password
Enable VPN on-demand: enable option
On demand rules configuration:
<array> <dict> <key>Action</key> <string>Connect</string> <key>InterfaceTypeMatch</key> <string>WiFi</string> </dict> <dict> <key>Action</key> <string>Connect</string> <key>InterfaceTypeMatch</key> <string>Cellular</string> </dict> </array>
Prohibit users from disabling on-demand VPN settings: enable option
To add zero-touch deployment configuration, use the Custom Data field in VPN. Adding zero-touch configurations allow automated deployment of the Client thereby removing the user interaction for enrollment. To add zero-touch, use the following Key-Value pair:
OrgKey: Use the tenant organizational key.
AddonHost: Use the addon URL for the tenant:addon-[tenant].[eu].goskope.com.
UserEmail: Use the variable that contains the user identity for the enrolment.
Important
Do not use Managed Configuration if you are planning to automate the deployment process of Netskope Client.
Next, click Apps > Inventory.
Click + Add App to add the Netskope application and select Add iOS App from the dropdown menu.
Add Netskope Client application.
Edit the installed application and ensure to select Apply Managed Configuration.
Go to the Managed Configuration section and provide the configuration details.
<plist version="1.0"> <dict> <key>OrgKey</key> <string>xxxxxxxxxxxxxx</string> <key>UserEmail</key> <string>%Email%</string> <key>AddonHost</key> <string>addon-xxxxxxx.goskope.com</string> </dict> </plist>
Note
You can replace OrgKey and Addon Host with tenant values.
Important
Ensure that the managed configuration is applied to the user/device before deploying. Failure to do so prevents the Netskope client from downloading its configuration.
Zero-touch deployment: Do not use the managed configuration as it conflicts with the VPN profile.