This guide outlines the workflow and ongoing maintenance requirements for university-owned Macs configured for shared or multi-user environments (such as computer labs, classrooms, or department kiosks).
Because these machines are utilized by multiple individuals, they follow a specialized deployment profile designed for high availability and dynamic user provisioning.
CRITICAL – Network & Login Requirements
Unlike 1:1 devices, shared Macs rely on Jamf Connect permanently at the login window to authenticate users against the university identity provider in real-time.
Step 1: Initial Apple Setup Assistant – To Be Completed by Lab Admin / iTech
-
Turn on the Mac. Choose your Language and Region.
-
Connect to a compatible network (see requirements above).
-
A Device/Remote Management screen will appear stating that the University of Southern Mississippi can automatically configure your computer. Click Enroll.
Step 2: Login via Jamf Connect
-
The standard Mac account creation screen will be replaced by a university-branded Microsoft Sign-In window.
-
Log in using your primary Microsoft credentials: wID@usm.edu and your password.
Jamf Connect will securely authenticate your identity and automatically create your local macOS user account matching your university credentials.
Step 3: Post-Enrollment & Asset Tracking
Once your desktop loads, Jamf Pro will begin processing campus policies in the background. Please complete the following prompts as they appear:
-
Asset Tag Prompt: A dialog box will appear asking for the six-digit USM asset number. IMPORTANT: Enter numbers only.
-
Keychain Access Prompt: A macOS system prompt will appear asking for permission for Self Service + to access your keychain.
Action Required: Enter your university Microsoft password and click Always Allow.
CRITICAL: You must select Always Allow. If you select "Allow" or "Deny," this prompt will continuously reappear and interrupt your work.
Setup Workflow: Shared vs. 1:1 Configuration
When setting up a brand-new or freshly reloaded shared Mac, you will proceed through Apple's out-of-box Setup Assistant. Here is what is identical to a 1:1 setup, and exactly where the workflow diverges:
|
Setup Step
|
Shared Mac Workflow
|
Comparison to 1:1 Flow
|
|
Region & Network
|
Choose Language/Region and connect to Ethernet or USM Limited.
|
Identical. Both require a password-only or wired network at boot.
|
|
Remote Management
|
The USM enrollment screen appears. Click Continue.
|
Identical. Both fetch their initial management profiles here.
|
|
Initial Login
|
Log in with any valid USM Microsoft credential (wID@usm.edu).
|
Identical. Jamf Connect creates the local account dynamically.
|
|
Asset Tag Prompt
|
Enter the six-digit USM asset number (numbers only).
|
Identical. Pops up immediately upon hitting the desktop. This prompt only appears for the first user who logs in.
|
|
Keychain Prompt
|
Enter the Microsoft password and click Always Allow.
|
Identical. Prevents persistent pop-up loops for that user.
|
|
FileVault Encryption
|
Skipped entirely. No encryption prompt will appear.
|
🛑 DIFFERENT. 1:1 Macs will force encryption here; Shared Macs keep FileVault disabled for multi-user reboots.
|
|
Subsequent Logins
|
The Microsoft Sign-In window stays permanently for all future logins.
|
🛑 DIFFERENT. 1:1 Macs hand off to the native Apple login screen. Shared Macs require Jamf Connect forever.
|
End-User Experience: How It Works
-
The Login Window: Users will always be greeted by a university-branded Microsoft Sign-In window (Jamf Connect), rather than the standard macOS login screen.
-
Account Provisioning: A user logs in using their standard university credentials: wID@usm.edu and password.
-
On-the-Fly Profiling: Jamf Connect securely verifies the credentials and dynamically creates a local standard user profile on the Mac. When the user logs out, their profile remains cached on the machine for quick access if they return.
Security Note: FileVault disk encryption is explicitly disabled on Shared Mac configurations to ensure seamless multi-user reboots and automated maintenance tasks.
Maintenance & Disk Space Management (For Lab Administrators & iTech)
Because Jamf Connect creates a new local home directory for every unique user who logs in, local profiles will accumulate over time. Over the course of a semester, a high-traffic lab computer can easily run out of disk space due to cached user data.
To prevent performance degradation, lab environments must be cleaned up regularly using one of the two authorized methods:
Method 1: The Self Service+ Profile Purge Tools
An iTech-developed maintenance script is scoped directly to these machines and is available in Self Service+ upon request.
How to execute: Open the Self Service+ application, navigate to the Tools and Utilities category, and run the two profile cleanup utilities in sequence: Unmigrate Network User Accounts, followed by Remove Network User Accounts.
Critical Data Warning: These tools completely erase all local user profiles and cached user data to free up disk space (while leaving core system applications and university configurations untouched). Only run these utilities at the end of the semester once you are certain students and faculty no longer need access to any data locally saved on the machine. Running them mid-semester will result in permanent data loss for your users.
Method 2: System Reload / Re-imaging
For heavy-use environments or labs requiring a completely pristine baseline before a new academic term: