-
Notifications
You must be signed in to change notification settings - Fork 0
Home
This guide will detail how to utilize Baseline to provide the same functionality the Jamf DEPNotify-Starter script provides. It is assumed you already have a working DEPNotify-Starter workflow currently in use with automated device enrollment. We'll utilize the existing Jamf Pro policies for the Baseline workflow.
You need to decide what kind of workflow you want to use for your Baseline deployment. You can choose to create and use a custom made, signed and notarized Baseline package or you can use the standard Baseline package. While there are many ways you can create a workflow, this guide will limit itself to the following two workflows:
- Workflow 1 - Baseline configuration delivered using a plist-based file which is part of a signed and notarized, custom Baseline installer package deployed in a PreStage Enrollment. Requires Apple Developer ID Installer signing certificate.
- Workflow 2 - Baseline configuration delivered using a configuration profile and the standard Baseline signed and notarized installer package deployed in a PreStage Enrollment. The branding logos, application and policy icons, end user license agreement file and registration script are deployed with an installer package delivered using a script and installer package both hosted on an https server. No Apple Developer ID Installer signing certificate needed for this workflow.
There are two scripts (Registration.sh and Branding-Customizations.sh) you need to utilize depending upon the workflow you chose. The Registration.sh script provides the "Register Your Mac" functionality to gather data about the device being enrolled. The Branding-Customizations.sh script is used with the standard Baseline package to download branding and other customizations needed for that workflow.
Depending upon the method you choose for deploying and customizing the Baseline workflow, you may need all or some of the following tools:
- iMazing Profile Editor application – Free app used to build configuration profile or Baseline plist configuration file.
- WhiteBox's Packages application – Free app used to build distribution-based installer packages.
- SD Notary 2 application – Free app used to sign and notarize distribution-based custom Baseline installer package for deployment in a PreStage Enrollment. Must have Xcode installed and Apple Developer ID Installer signing certificate installed on the device used to create installer packages.
- Apple Developer ID Installer signing certificate – Comes with a paid Apple Developer account and is used to sign and notarize distribution-based installer package. Must be installed on the device used to create installer packages.
- Apple Xcode application – Free app used in conjunction with Apple Developer ID Install signing certificate and SD Notary 2 application to sign and notarize installer packages.
- Visual Studio Code – Free app used to edit and make changes to scripts used in the Baseline workflow.
You need to provide branding logos, application and policy icons and an end user license agreement file to customize the look and feel of the process. The Logo.png , Dialog.png and BannerImage.png files are your branding logos. Logo.png and Dialog.png should be 1024 by 1024 pixels in size. The Logo.png file is used by Baseline to brand its SwiftDialog windows. The Dialog.png file is used by SwiftDialog to brand its system notifications. The BannerImage.png file, with an optimal size of 700 by 150 pixels, is used during the “Register Your Mac” registration portion to brand the larger SwiftDialog windows. I would suggest a minimum of 512 by 512 pixels for the application and policy icons used in the list view of the SwiftDialog window. You need to provide a markdown formatted file named eula.md with your organization's end user license agreement.
You need to provide a Baseline configuration file. This can be accomplished using a configuration profile or a plist file. I'll detail both options for creating the configuration file.
You'll also need a signed and notarized Baseline installer package to deploy in your PreStage Enrollment. You can create a custom signed and notarized installer package containing Baseline, branding logos and icons, end user license agreement file, registration script and configuration plist file. The configuration plist file isn't needed if you use a configuration profile to configure Baseline.
If you don't have an Apple Developer ID Installer signing certificate, you will need to use the signed and notarized Baseline installer package available in the Baseline GitHub repository. You will also need to build and host a Baseline-Branding-Customizations.pkg. In addition, you will need to host the Branding-Customizations.sh script which will download and install the Baseline-Branding-Customizations.pkg.
You should collect the Jamf policy custom event trigger names or policy IDs for the policies you want to run as part of your workflow. You can use the example table, in Microsoft Excel format, to record your information.
If you're using custom event policy trigger names, then the Arguments section will follow this format:
policy -event custom-event-name
If you're using policy IDs, then the Arguments section will follow this format:
policy -id policy-ID#
My example will utilize custom event trigger names.
Jamf Pro Policies to Run as Scripts
| Display Name | Script Path | Arguments | Icon |
|---|---|---|---|
| Rosetta | /usr/local/bin/jamf | policy -event install-rosetta | /usr/local/Baseline/Icons/Settings-Gear.png |
| - | - | - | - |