Search
⌃K
Links

Installing using MDM on Mac

Deploying to a Mac device with MDM requires 3 separate configurations:
  1. 1.
    Root Certificate
  2. 2.
    Network Extension Permission
  3. 3.
    Custom Profile Permission

1. Root Certificate

Root certificate inside of your installer zip should be deployed inside your MDM tool

2. Network Extension Permission

The network extension should be allowed with dope.security's identifier 63JU25B8Q7

3. Custom Profile Permission

Add a custom MDM profile with the following details:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>DopeSecurityApp</string>
<key>PayloadIdentifier</key>
<string>com.apple.vpn.managed.3FC862E3-0F98-45DA-9BA0-B00D74C6E82E</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadUUID</key>
<string>798346BB-9A01-40B3-8EA6-377B26B0018B</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>UserDefinedName</key>
<string>DopeSecurityApp</string>
<key>VPN</key>
<dict>
<key>AuthenticationMethod</key>
<string>Password</string>
<key>ProviderBundleIdentifier</key>
<string>security.dope.DopeSecurityApp.Redirector</string>
<key>ProviderDesignatedRequirement</key>
<string>anchor apple generic and identifier "security.dope.DopeSecurityApp.Redirector" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = 63JU25B8Q7)</string>
<key>RemoteAddress</key>
<string>localhost</string>
</dict>
<key>VPNSubType</key>
<string>security.dope.DopeSecurityApp</string>
<key>VPNType</key>
<string>VPN</string>
<key>VendorConfig</key>
<dict>
<key>Group</key>
<string>63JU25B8Q7.security.dope.DopeSecurityApp</string>
</dict>
</dict>
<dict>
<key>AllowedTeamIdentifiers</key>
<array>
<string>63JU25B8Q7</string>
</array>
<key>PayloadDisplayName</key>
<string>System Extension Policy</string>
<key>PayloadIdentifier</key>
<string>com.apple.system-extension-policy.190E1DB5-015F-4CAF-8AD5-9F0C293663DE</string>
<key>PayloadType</key>
<string>com.apple.system-extension-policy</string>
<key>PayloadUUID</key>
<string>1CAA9256-333E-4F53-BF59-F54984275562</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>RemovableSystemExtensions</key>
<dict>
<key>63JU25B8Q7</key>
<array>
<string>security.dope.DopeSecurityApp.Redirector</string>
</array>
</dict>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>DopeSecurityApp</string>
<key>PayloadIdentifier</key>
<string>DOPE.D66FA254-FEC6-4BBD-80CC-7CFB4A93CF8E</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>06FCAA24-ACA8-41C4-9D61-AA4E3BC303BE</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
If you want need a DMG, you can run this command:
hdiutil create -format UDZO -srcfolder dope_security_mac_1.0.6001 dope_1-0-6001.dmg