The Mac@IBM enrollment app makes setting up macOS with Jamf Pro more intuitive for users and easier for IT. The application offers IT admins the ability to gather additional information about their users during setup, allows users to customize their enrollment by selecting apps or bundles of apps to install during setup, and provides users with next steps when enrollment is complete.
Setting up the privileged helper (JAMFIntegrationHelper)
- Make sure your build targets all have proper signing certificates assigned in the Build Settings/General tab.
- Build and run a copy of the app. You will need this build path for step 5.
- Download a copy of the SMJobBlessUtil from Apple.
- Copy the python tool to the root of your project folder.
- From the terminal navigate to the root of your project folder and run the following:
./SMJobBlessUtil.py setreq /the/path/to/a/buildCopyOfYourApp enrollment/enrollment/Info.plist enrollment/JAMFIntegrationHelper/JAMFIntegrationHelper-Info.plist
This should create anchor keys in both the
Info.plist for the app and
-Info.plist of the helper. You can validate that the certificates are properly matching using the check option of the Utility:
./SMJobBlessUtil.py check /the/path/to/a/buildCopyOfYourApp
A blank return means success. You can also see the anchor keys present in Xcode by looking at the corresponding property lists.
Constant files to configure behavior and UI elements.
Stored Properties can be found in constants files located in the
Constants directory of the project.
Note: you will need to configure the JAMFConstants.swift file with the policy event ID's for removing framework and bundle installation as well as Jamf URL's (primarily the production URL).
The application experience flows through three phases:
- Getting to know a little about you.
- Installing software bundles to get you up and running.
- Education / URL link actions for next steps and help.
The application provided is a UI that takes input from both the customer as well as a Jamf event policy script.
The application and corresponding JAMFIntegrationHelper binary / daemon are deployed on enrollment to the system.
Additionally a script can be run to retrieve / provide information to the app's plist that lives in the customer's
- The hrFirstName populated through the LDAP connector, retrieved via API request from the client and written.
- A speed test package to run the background to populate the plist with a download rate value.
- The bundle sizes as well as a calculated rate in seconds per bundle for bundle selection screen.
All key names can be found in corresponding Constants files which are in turn references through the app code.
The customer is greeted by the welcome screen and can move through the steps of answering questions. The data is recorded to keys specified for later retrieval by extension attribute if needed. Should there be a desire to opt-out of management, the cancel button can initiate a Jamf event policy for a decommission workflow provided by the Jamf admin.
Once through the registration phase, the app can reboot the system allowing for disc encryption and any security policies to be applied ahead of software installation.
The customer is returned to the application bundle install screen after logging in from the reboot.
When they have made their selection and choose to move forward, a Jamf event request is made to begin the bundle installation. The script behind this event will examine an array of bundle choices the customer has made and process accordingly, being sure to update the UI with the corresponding property list keys each step of the way.
- Finally, the customer is provided with resources to help them with their new job.