From some document of Apple, I've read that: "Once the Mobile Device Management server and network are configured, the first step in managing an iPhone or iPad is to enroll it with an MDM server. Some MDM vendors use an app to kickstart this process, others initiate enrollment by directing users to a web portal to trigger the Over-the-Air Enrollment process via Safari."
After take a look on https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html
I have a stupid question: all that user have to do is logging in webpage, installing response profile when he is prompted and nothing more, no additional code on device because other actions which must execute on device like "response back to the server with specific device attributes" on phase 1, signing request on phase 2... are automatically done (by framework or some buildin client..., eg)
Am I wrong?
No, you are not wrong.
The tasks of the user are to specify credentials, after which the 'Over the Air profile delivery' protocol takes its course. The other phases you can see in that diagram are done by the iOS operating system and your server(which means you have to write your own SCEP server or pass the whole process to a SCEP service).
Have a nice day!