The SnapComms MAC App can be downloaded from your SnapComms Content Manager > App Management > App Download. Select the 'Authentication type' (select SnapComms authentication if your MAC machines are not bound to on-premise Active Directory), click the 'Download' button and this generates a .pkg file that you can upload to your MDM's Packages.
Below are guidelines on how to package the deployment of your Organization App Code via Configuration Policies, so this value will be hardcoded in your MAC App and your MAC users will be able to bypass entering your Org App Code.
Note: Each MDM platform may have a different plist configuration format, kindly check with your MDM provider if the samples below do not match with their required format.
Jamf Pro
Automatic deployment of organization app code
-
After the SnapComms MAC App (.pkg) has been uploaded to your MDM's packages in JAMF PRO > go to 'Computers' > 'Configuration Profiles' > click '+New' > assign a name, then click 'save'
-
Within the Configuration Profile menu, scroll down to 'Application & Custom Settings' > select 'Upload', and enter the following values:
Preference Domain: com.snapcomms.osx.SnapClient
Property List:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>appCode</key> <string>YourOrgAppCode</string> </dict> </plist>
Note: From the PLIST above, change the value within the <string></string> to your Organization App Code, from your SnapComms Content Manager, you'll find this under App Management > Mac & Mobile Settings. Click on 'Save'.
-
Go to the 'Scope' tab to add your target users or machines
-
Confirm that the App package and Configuration Policy has been deployed.
Pre-approving Screensaver Automation
The SnapComms Mac app requires access to the System Events automation privacy permission to automatically set screensavers. To ensure a seamless user experience and prevent permission prompts, you can pre-approve this access.
Option 1:
Use the PPPC Utility to create a configuration profile that grants SnapComms access to System Events. Save and upload this profile to your Jamf instance.
Option 2:
Alternatively, you can use the custom configuration profile below. Adjust it as needed and upload it to your Jamf instance.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>Automate SnapComms Screensaver install</string>
<key>PayloadDisplayName</key>
<string>Automate SnapComms Screensaver install</string>
<key>PayloadIdentifier</key>
<string>0152DF63-DE95-4C28-937E-E8CE06AAB303</string>
<key>PayloadOrganization</key>
<string>(Your organization here)</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>936158DF-E86D-4E4C-A870-E17D24DF370D</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>AppleEvents</key>
<array>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.apple.systemevents" and anchor apple</string>
<key>AEReceiverIdentifier</key>
<string>com.apple.systemevents</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.snapcomms.osx.SnapClient" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = NSTXJ25X53</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.snapcomms.osx.SnapClient</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>Automate SnapComms Screensaver install</string>
<key>PayloadDisplayName</key>
<string>Automate SnapComms Screensaver install</string>
<key>PayloadIdentifier</key>
<string>0152DF63-DE95-4C28-937E-E8CE06AAB303</string>
<key>PayloadOrganization</key>
<string>(Your organization here)</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>608AE35E-8B74-4F83-BB24-572FE0A3F253</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
Notes:
- When this profile is applied, SnapComms will be granted the required automation permission without prompting the user, and no entry will appear in the System Events automation privacy list.
- If users have already been prompted before deploying this profile, you can reset the permission by running:
tccutil reset AppleEvents com.snapcomms.osx.SnapClient
Intune
To add the MAC App (PKG file) as a Line-of-Business App in Intune, refer to this Intune documentation.
-
After the SnapComms MAC App (.pkg) has been uploaded to your macOS Apps in Intune, remove the com.snapcomms.SnapScreenSaver package or other sub-apps and only retain com.snapcomms.osx.SnapClient.
-
Go to Devices > Under Platform, select macOS > 'Configuration Policies' > 'Create Profile' > select 'Templates' under Profile Type, and 'Preference File' > click 'Create'.
- Within the Preference File, assign a name (e.g. SnapCommsMacOrgAppCode), click Next.
-
Within the Configuration Settings, in the 'Preference domain name' field, enter com.snapcomms.osx.SnapClient.
-
On your MAC, create a text file via your text editor with the content below and save it as snapcommsmacorgappcode.plist (note that the file should be in .plist format). Change the value within the <string></string> to your Organization App Code, from your SnapComms Content Manager, you'll find this under App Management > Mac & Mobile Settings. Click on 'Next'.
<key>appCode</key><string>[YOUR_ORG_APP_CODE]</string>
-
Select your Scopes and Assignments, and click 'Next'.
-
Confirm in the Status if the macOS App and the Configuration Policies have successfully been deployed to your users
Comments
0 commentsArticle is closed for comments.