You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Wants to pass the host's serial number in macOS configuration profiles specifically.
customer-antonella: This isn't a blocker for us because we can use Santa's native %serial% placeholder but having the ability to use apples native vars would be nice
@noahtalerman: customer-hawking requested this because they're trying to deploy the Okta Verify profile to iOS hosts. They want to pass host vitals (serial number and hardware UDID) as variables in the configuration profile so that they can do human-host mapping in Okta. Okta relies on these variables getting populated from the MDM solution.
@nonpunctual: Important for hawking because the human using the device changes all the time (irregular). They're used by contractors doing door to door sales.
@nonpunctual: They also use Google Workspace. They want Okta to feed Google Workspace. Most folks at the org have access to GW.
@nonpunctual: On iOS UUID is called UDID. On macOS, it's UUID.
@nonpunctual: The customer wants to pre-populate the customer-hawking URL in Okta. That way, the end user doesn't have to type it in when they open Okta Verify.
@allenhouchins: customer-cisneros tried to use %SerialNumber% and %HardwareUUID% in an ACME certificate configuration profile. Didn't work.
customer-cisneros ran into this when testing ACME certificate payloads and referencing Apple supported variables that we only support in the VPN payload.
@allenhouchins: Today, I can use any of the 802.1x network variables if they're specified in a SCEP or VPN payload. In any other payload, these variables don't get populated. For example, they don't get populated in a Santa payload:
customer-antonellaby chance ran into the exact same issue and use case as we did internally: https://fleetdm.slack.com/archives/C0891RE11SP/p1747783971940039customer-antonellapromise was delivered.customer-antonella: This isn't a blocker for us because we can use Santa's native %serial% placeholder but having the ability to use apples native vars would be nicecustomer-hawkingrequested this because they're trying to deploy the Okta Verify profile to iOS hosts. They want to pass host vitals (serial number and hardware UDID) as variables in the configuration profile so that they can do human-host mapping in Okta. Okta relies on these variables getting populated from the MDM solution.hawkingbecause the human using the device changes all the time (irregular). They're used by contractors doing door to door sales.customer-hawkingran into this trying to deploy a configuration profile to their iOS devices for Okta Verify. They needed to use%SerialNumber%and%UDID%because Okta requires them for iOS/iPadOS. Deploying a SCEP certificate, like we do for macOS, isn't supported by Okta. Instead Okta uses a secret (static).customer-hawkingURL in Okta. That way, the end user doesn't have to type it in when they open Okta Verify.customer-cisnerostried to use%SerialNumber%and%HardwareUUID%in an ACME certificate configuration profile. Didn't work.customer-cisnerosran into this when testing ACME certificate payloads and referencing Apple supported variables that we only support in the VPN payload.