Shared Device Mode Configuration Using Jamf
Jamf is a trusted solution for managing iPads in various organizations, including businesses, schools, and hospitals. With over 70,000 customers, Jamf provides robust iPad management capabilities.
Prerequisites
- To use the shared iPad feature, the OS version of iPads must be 17 or later.
- IDmelon Authenticator app must be added to Jamf Pro. In case you are having issues with that, contact Jamf Support.
How to Configure
- Configure General, Scope and Self-Service according to your organization’s policies.
- Select the App Configuration tab from the menu, enter the following configuration as shown in the image below, and then click the Save button.
<dict>
<key>shared_device_passkeys</key>
<true/>
<key>authentication_type</key>
<string>onInit</string>
<key>device_id</key>
<string>$UDID</string>
<key>api_key</key>
<string>[API_KEY]</string>
</dict>
One-Time Use Passkeys:
Add the following key to the above configurations to automatically log the user out after their first login with the passkey.
<key>one_time_use_passkeys</key>
<true/>
Dedicated Deployments Base API URL:
If you are using dedicated deployment, such as on-premises, add the following key-value to the configurations.
<key>base_api_url</key>
<string>https://example.com/api/url</string>
Self Service URL:
By adding the self-service URL (available in the IDmelon Admin Panel > Security Keys > Workflows > Self-Service Actions) to the configurations, users will be redirected to the enrollment page if their card is not yet registered.
<key>self_service_url</key>
<string>https://panel.idmelon.com/self-service/{UID}</string>
Auto Logout:
By adding this configuration, users will be automatically logged out of the app after a specified time or after the first use of the passkey.
Allowed values: one-time use, 5m, 60m, 2h, 4h, 6h, 8h
<key>auto_logout</key>
<string>2h</string>
Note: The value of the authentication_type depends on the Card Verification Method that your organization’s admins have set in the IDmelon admin panel.
Allowed values for authentication_type:
- onInit: User is required to enter PIN once only after tapping the card on a reader.
- onUse: User is required to enter PIN for each login.
- none: The login process is done without entering any PIN (PINless mode).
Finally, you should see the IDmelon Authenticator app in the Mobile Device Apps.
Connect to the Organization
After adding the IDmelon Authenticator to the Jamf Pro panel, the application will be available on iPads as shown in the image below (or it can be installed through Self Service app).
Once the IDmelon Authenticator app opens, the activation process will be completed automatically.
If everything goes well, you will see the following view.
End User Experience
The login steps are as follows: at the beginning of the shift, an employee will first log in with their card, and at the end of the shift, by exiting the application, everything will be ready for the next person.
- Open the IDmelon Authenticator.
- Get close to the reader and tap your card on it.
- According to the Card Verification Method set in the IDmelon admin panel, if PIN is required, enter it. Otherwise, go to the next step.
- In case of successful login, user information will be displayed. At this stage, move the app to the background.
- Open the Jamf Setup app and tap on the Sign In button.
- Select the Sign-in options.
- Select the Face, fingerprint, PIN or security key.
- Tap the Continue.
- If the login operation is successful, you will see the following view, which can be different depending on your configuration in Jamf.
Logout Experience
At the end of the shift, first, open the IDmelon Authenticator and then tap the logout icon on the top right corner of the app. Your user information and existing passkeys will be deleted from the iPad.
If Soft Reset is enabled in Jamf Reset, to completely log out of all your accounts, first open one of the Microsoft applications (for example, MS Teams) and log out of it. After that, all your sessions and cookies will be completely deleted.