Apty Client Extension Distribution for MacOS Server
PREREQUISITES:
This document represents a detailed guide for Managing Remote Devices and creating device groups; if Administrators already perform Mobile Devices Management, skip Device Group creation and spreading Trust Profiles across devices, you can move on directly to adding appropriate payload to the profile.
Server
There are a number of tools for managing Mac users remotely, with JAMF Pro and MacOS Server being the most popular in this category.
NOTE: JAMF Pro is only available for 50+ devices.
MacOS Server
MacOS server is an official tool provided by Apple for managing multiple devices and distributing settings across them remotely.. MacOS server can be installed on every Apple device running Majove and Catalina and doesn’t need to be in the same network as target devices.
Profile Manager
Right after macOS server installation has been completed, it’s necessary to enable Profile Manager (it’s disabled by default). For details on how to start Profile Manager, refer to Apple documentation.
If the Profile Manager has already been activated, devices and profiles can be configured. Profile Manager can be accessed via any web browser. For the purpose of this example we are using Google Chrome.
Device Group
Once Profile Manager has been activated, System Administrator is now able to create a new Device Group to handle multiple devices at once.
Next, a special profile can be created and it will be distributed around every device within the device group.
Custom Settings are available for forced installation; access Your Device Group > Settings > Edit.
NOTE: It’s necessary to add profile payload with property domain, especially for Google Chrome.
Here is an example of how it should look like. It’s necessary to create this property exactly as shown on the example below, with proper Type and item:
Preference Domain |
com.google.Chrome |
Key |
EXTENSIONINSTALLFORCELIST |
Type |
Array |
Value |
Leave blank |
Button should change to “Add Item” after clicking the first key. |
|
Child Type |
String |
Value |
{extension-id};https://apty-assist-production-s3.s3.amazonaws.com/production/{tenant-id}/update.xml Note: Extension id will be provided to you by Customer Support Team. |
NOTE: It can be used to install more than one extension, if necessary. In order to do that, add another item under “ExtensionInstallForcelist”.
Trust profile
To add a new device to the Device Group, download and install Trust Profile on a target device. Go to Blue Brick > Download Trust Profile.
It is a standard profile file and can be launched on target device with double click.
NOTE: Installation process requires administrator permissions.
Remote Profile Management
To manage remote devices automatically, install “Enrollment profile” on every device. At the bottom left corner of the macOS Server Profile Manager clicking the Plus button to create new enrollment.
NOTE: The “Restrict use to devices with placeholders” option should be unchecked.
It should be saved, downloaded and installed in the same manner as Trust Profile. Installed profiles on target devices should look as follows:
Now, the administrator should be able to view new remote device and add it to Device Group.
Automatic Enrollment
After saving the Device Group settings every profile should be distributed automatically across connected devices. It could be checked at profiles settings:
NOTE: Replace the above custom settings highlighted with red with the value below:
bpgnbhpmapjejjgieobojikijibkabnl;<customerURL>/api/public/admin/exten sions/player/updates.xml
Summary
New extension will be force installed on next Google Chrome start. User without administrative privileges won’t be able to uninstall it or even disable it. To change extension or add another one, just edit Device Group settings and save it - it will be rolled out automatically across devices.
Apty Widget Extension Distribution on Mac with Jamf Pro
PREREQUISITES
Before proceeding to distribute Apty Client Extension on Mac with Jamf Pro, ensure that you have met the following criteria:
- Created a valid Apple ID.
- Created a valid Jamf Pro ID.
- Be sure to create a generic Apple ID and Jamf ID, as the MDM Push Notification Certificate will be renewed annually.
- Uploaded the MDM Push Notification Certificate to Jamf Pro.
- Uploaded your proxy server token to Jamf Pro.
Jamf Pro
Jamf Pro is a comprehensive mobile device management(MDM) system specifically designed to manage, deploy, and secure Apple devices(iPhone, iPad, and Apple TV) at work. With Jamf Pro alongside an Apple deployment program, end users will enjoy a streamline set of process that automatically brings their devices under management.
Objective
This article describes how to distribute the Apty Client Extension from Chrome Store or Apty Cloud and use Jamf Proto manage various remote Apple devices.
Distributing Apty Client extension to users with Apple devices using Jamf Pro is a two-step process.
Step 1: Upload Configuration Profiles
After signing in to Jamf Pro, you can apply configurations and settings for various device features. Configuration profiles let you centrally and remotely define a group of settings for specific features. Multiple configuration profiles can be assigned to each device. For example, you can create a configuration profile that specify device passcode, VPN, WiFi, or email settings.
To upload and approve the Apty Client extension on a Mac with Jamf Pro,
1. Log in to Jamf Pro.
2. Click Computers at the top-left panel.
3. Click Configuration Profiles.
4. Click+New.
5. Enter the Name and Description of your Configuration Profile.
6. In the Options tab, scroll down and click the Application & Custom Settings dropdown.
7. Click Upload.
8. Click+Add.
9. Enter the Preference Domain (com.google.Chrome).
10. Copy and paste the following script in the Property List.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ExtensionSettings</key>
<dict>
<key>gdnkpilcpkfbnoojjfioffjpnjkoemlj</key>
<dict>
<key>installation_mode</key>
<string>allowed</string>
<key>installation_mode</key>
<string>force_installed</string>
<key>update_url</key>
<string>https://clients2.google.com/service/update2/crx</string>
</dict>
</dict>
</dict>
</plist>
11. Update the script with your unique Apty Client Extension ID.
Info:
- The script contains an Apty Client Extension ID that is unique for each user. Ensure to replace the existing Extension ID with your unique Extension ID in the script.
- You can get the Extension ID by opening the Apty Client Extension on Chrome store. The last part of the URL is your Extension ID.
- The update_url is the same for all the extensions directly from the Chrome store.
Note:
Another way to distribute the Apty Client Extension on Mac using Jamf Pro is by replacing the existing Extension ID and the update_url with the ones derived from Apty cloud.
In this example, the Apty Client Extension is deployed to Apty cloud(e.g., amazonaws.com).
- After saving the extension, update the Extension ID and the update_url in the Property List.
- Enter your unique tenant ID in the {tenantID}section.
12. Click Save.
Step 2: Set the Scope for the Apty Client Extension
Once the Apty Client Extension Configuration Profile is created, you need to scope the Extension. For example, you may have many groups of users on the system using Jamf Pro, and want to limit the use of the extension to a specific group of users. In this case, you can scope the extension by selecting that specific user group or manually adding them to the Selected Deployment Targets section.
To configure the scope of the Apty Client Extension,
1. Click the Scope tab.
2. Select your Target Computers and Target Users.
Note:
You can add the users manually under the Selected Deployment Targets.
3. Click Save.
4. Choose Distribute to All and then click Save.
You'll be able to see how many devices are affected.
5. Launch your Google Chrome and navigate to Manage extensions in your Chrome browser.
Info:
- You can see that the Apty Client Extension has been added to Chrome Extensions and enabled by default.
- Ensure to quit and relaunch your Google Chrome to see the Apty Client Extension.
Info:
- The script contains an Apty Client Extension ID that is unique for each user. Ensure to replace the existing Extension ID with your unique Extension ID in the script.
- You can get the Extension ID by opening the Apty Client Extension on Chrome store. The last part of the URL is your Extension ID.
- The update_url is the same for all the extensions directly from the Chrome store.