Skip to content
No description, website, or topics provided.
Go Shell Makefile Dockerfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Linting Sep 17, 2019
db Linting Oct 2, 2019
director More linting Oct 3, 2019
log Switch urls of the repo Sep 17, 2019
tools cleanup Sep 17, 2019
utils More linting Oct 3, 2019
.gitignore Signing and hash the profile uuid Jul 18, 2019
.golangci.yaml Check the payload id too Oct 2, 2019
LICENSE Add a license Sep 10, 2019
MDMDebug.mobileconfig So many changes. Aug 28, 2019
Makefile Linting Oct 2, 2019 Contributing Sep 17, 2019
go.mod More linting Oct 2, 2019
go.sum More linting Oct 2, 2019
main.go More linting Oct 2, 2019


MDMDirector is an opinionated orchestrator for MicroMDM. It enables profiles to be managed with MicroMDM in a stateful manner, via a RESTful API. It also allows for installation of packages either just at enrollment or immediately. It uses MicroMDM's webhook functionality to recieve events from MicroMDM and then instructs MicroMDM to perform appropriate action. As such, MDMDirector does not need to be exposed to the public internet.


MDMDirector is a compiled binary - it has no external dependencies other than a Postgresql database and optionally a signing certificate for signing profiles. It is configured using flags.


  • -cert /path/to/certificate - Path to the signing certificate or p12 file.
  • -dbconnection yourconnectionstring - (Required) Database connection string. Example: host= port=5432 user=postgres dbname=postgres password=password sslmode=disable
  • -debug - Enable debug mode. Does things like shorten intervals for scheduled tasks. Only to be used during development.
  • -key-password string - Password to decrypt the signing key or p12 file.
  • -loglevel string - Log level. One of debug, info, warn, error (default "warn")
  • -micromdmapikey string - (Required) MicroMDM Server API Key
  • -micromdmurl string - (Required) MicroMDM Server URL
  • -password string - (Required) Password used for basic authentication
  • -port string - Port number to run mdmdirector on. (default "8000")
  • -private-key string - Path to the signing private key. Don't use with p12 file.
  • -push-new-build - Re-push profiles if the device's build number changes. (default true)
  • -sign - Sign profiles prior to sending to MicroMDM. Requires -cert to be passed.



  • Posting / removing profiles and apps
  • Example for systemd


  • Support for Lock/Wipe
  • App state inspection binary (perhaps a separate service to MDMDirector due to requiring exposure to the public internet)
  • FileVault Key escrow to Crypt (and compatible servers)
  • Re-push enrollment profile when SCEP certificate is coming up to expiry


  • File issues
  • Open Pull Requests
You can’t perform that action at this time.