Skip to main content

Netskope Help

Jamf School

Jamf School is a purpose-built mobile device management (MDM) solution for education. Jamf School is a purpose-built mobile device management solution for education that helps in securing and deploying macOS and iOS devices.

This section describes the steps to deploy the Netskope Client app in an iOS device using Jamf School.

To deploy Client using Jamf School:

  1. Log into Jamf School.

    Step_1.png

  2. Click Profiles to see the configured profiles.

    Step_2.png

  3. Click any configured Profile to edit the following details:

    1. Certificates

      1. Go to General Payload > Certificates.

      2. Download Root and Intermediate Certificates from your Netskope account and then upload them here.

        Step_3.png

    2. Notifications

      1. Go to General Payload > Notifications.

      2. Configure this part to prevent the Netskope Client from prompting the user to enable its notifications.

        Step_4.png

    3. Restrictions

      1. Go to iOS Payload > Restrictions.

      2. Disable Allow creation of VPN configurations in the Connectivity settings.

        Step_5.png

    4. VPN

      1. Go to iOS Payload > VPN.

      2. The Netskope Client updates this definition, precreating it to prevent prompting the user to add a new VPN configuration.

      3. Provide the following details:

        • Connection Name: Anything

        • Connection Type: Custom SSL

        • Identifier: com.netskope.Netskope (case sensitive)

        • Provider Type: Packet Tunnel

        • Server: gateway-[tenantname][.eu].goskope.com

        • User Authentication: Password

        • Enable VPN on-demand: enable option

        • On demand rules configuration:

          <array>
<dict>
<key>Action</key>
<string>Connect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
</dict>
<dict>
<key>Action</key>
<string>Connect</string>
<key>InterfaceTypeMatch</key>
<string>Cellular</string>
</dict>
</array>

        • Prohibit users from disabling on-demand VPN settings: enable option

      4. To add zero-touch deployment configuration, use the Custom Data field in VPN. Adding zero-touch configurations allow automated deployment of the Client thereby removing the user interaction for enrollment.  To add zero-touch, use the following Key-Value pair:

        • OrgKey: Use the tenant organizational key.

        • AddonHost: Use the addon URL for the tenant:addon-[tenant].[eu].goskope.com.

        • UserEmail: Use the variable that contains the user identity for the enrolment.

        Important

        Do not use Managed Configuration if you are planning to automate the deployment process of Netskope Client.

  4. Next, click Apps > Inventory.

  5. Click + Add App to add the Netskope application and select Add iOS App from the dropdown menu.

  6. Add Netskope Client application.

    Add_Netskope_Client_App.png

  7. Edit the installed application and ensure to select Apply Managed Configuration.

    Step_8.png

  8. Go to the Managed Configuration section and provide the configuration details.

    <plist version="1.0">
<dict>
<key>OrgKey</key>
<string>xxxxxxxxxxxxxx</string>
<key>UserEmail</key>
<string>%Email%</string>
<key>AddonHost</key>
<string>addon-xxxxxxx.goskope.com</string>
</dict>
</plist>
    Step_9.png

    Note

    You can replace OrgKey and Addon Host with tenant values.

    Important

    • Ensure that the managed configuration is applied to the user/device before deploying. Failure to do so prevents the Netskope client from downloading its configuration.

    • Zero-touch deployment: Do not use the managed configuration as it conflicts with the VPN profile.

In this section: