jamf/Setup-Manager
1
0
Fork 0
mirror of https://github.com/jamf/Setup-Manager.git synced 2026-02-03 14:13:24 +00:00
Code Issues 37 Actions Packages Projects Releases Wiki Activity

Compare commits

base: jamf:v1.1beta
Branches Tags
jamf:main jamf:beta
jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306
...
compare: jamf:v1.2beta2
Branches Tags
jamf:main jamf:beta
jamf:v1.4.2 jamf:v1.4.1 jamf:v1.4 jamf:v1.4beta2 jamf:v1.4beta jamf:v1.3.1 jamf:v1.3 jamf:v1.3beta jamf:v1.2.2 jamf:v1.2.1 jamf:v1.2 jamf:v1.2beta3 jamf:v1.2beta2 jamf:v1.2beta jamf:v1.1.1 jamf:v1.1 jamf:v1.1beta jamf:v1.0 jamf:v1.0rc jamf:v0.9.1-306

13 Commits
v1.1beta ... v1.2beta2

Author SHA1 Message Date
Armin Briegel
d9ec69df04 v1.2beta2 2025-02-26 16:21:39 +01:00
Armin Briegel
0eb0916a2f updated for v1.2beta 2025-02-13 16:43:46 +01:00
Armin Briegel
c5d5798f4e Merge branch 'main' of github.com:Jamf-Concepts/Setup-Manager 2025-02-03 09:13:35 +01:00
Daniel MacLaughlin
97f11bab6b Fixed Custom Schema Links (#82) 
* fixed links for custom schema and some minor typos

* fixed links for custom schema and some minor typos
 2025-02-03 13:22:30 +11:00
Armin Briegel
675469b197 updated for v1.1.1 2025-01-28 14:05:26 +01:00
Armin Briegel
d3cec3276e fixed wrong path, closes #67 2025-01-14 16:22:46 +01:00
Armin Briegel
6645a7a926 removed extraneous separator 2025-01-14 08:33:35 +01:00
Armin Briegel
d1d7b1f569 Formatting fixes 2025-01-14 08:32:32 +01:00
Armin Briegel
960c06c5a5 Update JamfSchool-Setup with new instructions 2025-01-14 08:29:15 +01:00
Armin Briegel
c2fcc38faf various doc fixes, closes #57 2024-11-25 10:35:09 +01:00
Armin Briegel
d71f2ca6f1 fixed broken link 2024-10-29 15:04:25 +01:00
Armin Briegel
8623f85487 v1.1 2024-10-29 13:39:17 +01:00
Armin Briegel
e3d908747a updated waitForUserEntry docs 2024-09-10 09:15:58 +02:00
14 changed files with 785 additions and 280 deletions
Expand all files Collapse all files

94
ChangeLog.md
View File

@@ -1,5 +1,99 @@
# Setup Manager - Change Log
v1.2beta2
(2025-02-26)
### New Features
- Setup Manager can send [webhooks](Docs/Webhooks.md) on start and finish, (#70)
- (beta2) added [a specific webhook to send a message to Microsoft Teams](Docs/WebHooks.md#Microsoft-Teams)
- User Entry:
- `email`, `endUsername`, `realname`, `position` and `phone` fields added. These will be submitted to Jamf Pro when Setup Manager finishes and during a `waitForUserEntry` action
- you can set custom and localized labels for user entry fields in the profile with a `label` key
- [User Data file](Docs/Extras.md#user-data-file) now contains a list of enrollmentActions
- added 'restart' option to ['finalAction'](ConfigurationProfile.md#finalAction) (#38, #58)
- [icon sources](ConfigurationProfile.md#icon-source) and [`accentColor`](ConfigurationProfile.md#accentColor) can now have [a dark mode alternative defined in the profile](ConfigurationProfile.md#dark-mode) (#61)
- hitting the space bar while Setup Manager is the Active window will open a window with a scannable barcode of the serial number
- `message` and help:`message` now interpret [markdown formatting](ConfigurationProfile.md#markdown) (#46)
### Fixes and Improvements
- (beta2) an empty `userEntry` dictionary in the profile no longer chokes the UI (#85)
- (beta2) MDM check more resilient to certain profile configs (#87)
- (beta2) the `name` field in WebHook data was shortened from `SetupManagerFinished` and `SetupManagerStarted` to `Finished` and `Started`
- (beta2) early log entry when debug mode is enabled
- icon for `waitForUserEntry` can be changed from the profile
- shell actions correctly show success or failure, depending on their exit code#39)
- Jamf Pro policy actions show success or failure in most situations. Note that there are many things a policy can potentially do. Not all failures are caught. This registers failed pkg installations and policy scripts that return a non-zero exit code, which should cover most situations. Note also, these checks will only work on macOS 13 and higher. On macOS 12, Jamf policies will always be reported as success.
- read enrollment actions data from profile after user-initiated enrollments more reliably
- now tries for 15 seconds to reload images with local file paths, this should help in situations were the resources file are installed after Setup Manager
- many other fixes and improvements
- updated included Installomator to 10.7
- user data file will contain the enrollment user when the `userID` key is set
- battery warning threshold is now different for Intel (%50) and Apple silicon (%20) Macs. This matches Apple's warnings before applying software updates
### Deprecations and Removals
- the minimum macOS requirement for Setup Manager will be raised to macOS 13 soon
- `showBothButtons` option removed and non-functional, there will always be just one final action button displayed
- the method for providing localized texts in the configuration profile changed in version 1.1. The previous method (by appending the two letter language code to the key) is considered deprecated. It will continue to work for the time being but will be removed in a future release. It is _strongly_ recommended to change to the [new dictionary-based solution](ConfigurationProfile.md#localization).
### Beta Features
Even though we are confident that the release is overall stable and ready to be used in production, we believe this feature may require more testing. When, after thorough testing in your environment, you conclude this works for your workflow, please let us know about success or any issues you might encounter.
- Setup Manager can now run over Login Window, instead of immediately after installation. This also allows Setup Manager to work with AutoAdvance. Use [the new `runAt` key](ConfigurationProfile.md#runAt) in the profile to determine when Setup Manager runs
## v1.1.1
(2025-01-28)
- updated included Installomator script to [v10.7](https://github.com/Installomator/Installomator/releases/tag/v10.7)
## v1.1
(2024-10-23)
### New Features
- new action [`waitForUserEntry`](ConfigurationProfile.md#wait-for-user-entry) which allows for two-phase installation workflows in Jamf Pro. When Setup Manager reaches this action it will wait for the user entry to save the data entry, then it will run a recon/Update Inventory. Policy actions that follow this, can then be scoped to data from the user entry. (Jamf-Concepts/Setup-Manager#11)
- data from user entry is now written to a file when Setup Manager submits data. See details in [User Entry](Docs/Extras.md#user-data-file) (Jamf-Concepts/Setup-Manager#9)
- use token substitution in the `title`, `message`, and action `label` values (as well as `computerNameTemplate`)
- token substitution can extract center characters with `:=n`
- localization of custom text in the configuration profile has been simplified. The previous method still works, but is considered deprecated. [Details in the documentation](ConfigurationProfile.md#localization). The [plist and profile example files](Examples) have been updated.
### Fixes and improvements
1.1beta:
- icons using `symbol:` that end in `.app` now work properly
- Elapsed time is shown in "About this Mac…" Start time is shown with option key.
- svg and pdf images used for `icon`s should now work
- general fixes in user entry setup
- improved rendering in Help View (Jamf-Concepts/Setup-Manager#12)
- fixes to json schema
- improved and updated documentation
- included Installomator script updated to [v10.6](https://github.com/Installomator/Installomator/releases/v10.6)
- added Setup Manager version and macOS version and build to tracking ping
- fixed UI glitch in macOS Sequoia
1.1 release:
- documentation updates and fixes (Jamf-Concepts/Setup-Manager#35, Jamf-Concepts/Setup-Manager#44, Jamf-Concepts/Setup-Manager#48, Jamf-Concepts/Setup-Manager#51)
- custom `accentColor` now works correctly with SF Symbol icons (Jamf-Concepts/Setup-Manager#41)
- setting a `placeholder` no longer overrides a `default` in `userEntry` (Jamf-Concepts/Setup-Manager#43)
- more UI updates
- Hebrew localization
### Beta features
Even though we are confident that the 1.1 release is overall stable and ready to be used in production, we believe this feature may require more testing. When, after thorough testing in your environment, you conclude this works for your workflow, please let us know about success or any issues you might encounter.
- Setup Manager can now run over Login Window, instead of immediately after installation. This also allows Setup Manager to work with AutoAdvance. Use [the new `runAt` key](ConfigurationProfile.md#runAt) in the profile to determine when Setup Manager runs (Jamf-Concepts/Setup-Manager#18)
### Deprecations
These features are marked for removal in a future release:
- localized labels and text by adding the two-letter language code to key. Switch to [localization with dictionaries](ConfigurationProfile.md#localization).
- `showBothButtons` key and functionality
## v1.1beta
(2024-09-09)

361
ConfigurationProfile.md
View File

@@ -1,6 +1,10 @@
# Configuration Profile format
The project includes a [custom profile plist](sample-com.jamf.setupmanager.plist) for Jamf Pro and [an example configuration profile](sample-jamfschool.mobileconfig) for Jamf School.
The project some sample files to get you started:
- [sample plist](Examples/sample-com.jamf.setupmanager.plist) for Jamf Pro
- [sample plist](Examples/sample-waitForUserEntry.plist) for Jamf Pro with [two phase workflow](Docs/JamfPro-TwoPhase.md)
- [configuration profile](Examples/sample-jamfschool.mobileconfig) for Jamf School
## Top-level keys
@@ -8,15 +12,15 @@ The project includes a [custom profile plist](sample-com.jamf.setupmanager.plist
(Boolean, default: `false`)
When this is set to `true` any steps that actually change software on the disk will not be performed.
When this is set to `true` any steps that actually change software on the disk will not be performed. This will also allow you to launch Setup Manager by double-clicking as the user. This can be useful to test a profile, or to take screenshots for documentation.
These behaviors change in debug mode:
- checks for the existence of the Jamf binary and keychain are skipped
- Jamf Setup manager will accept enrollmentActions from a non-managed preference file
- `policy`, `recon`, and `shell` actions that require root are replaced with a 10 second delay (and will always complete successfully)
- watchPath and wait actions timeout and fail after 10 seconds
- Jamf Setup Manager will accept enrollmentActions from a non-managed preference file
- `policy`, `recon`, and `shell` actions that require root are replaced with a delay (and will always complete successfully)
- `watchPath` and `wait` actions timeout and fail after 10 seconds
When in debug mode, you have to set the `simulateMDM` preference key to `Jamf Pro` or `Jamf School`. This allows you to do test runs on un-enrolled Macs.
When in debug mode, you can also set the `simulateMDM` preference key to `Jamf Pro` or `Jamf School`. This allows you to do test runs on un-enrolled Macs.
#### `title`
@@ -26,50 +30,74 @@ The main title over the window.
Example:
```
```xml
<key>title</key>
<string>Welcome to your new Mac!</string>
```
#### `icon`
(String, default: `name:AppIcon`, localized)
(String, default: `name:AppIcon`, localized, dark mode)
The icon shown at the top center of the window. There are many options to define icons, described in the [Icon Sources](#icon-sources) section later.
The icon shown at the top center of the window. There are many options to define icons, described in the [Icon Sources](#icon-sources) section later. Images will be scaled to fit a size of 700x128 pixels (or 1400x256 @2x).
#### `message`
(String, default: `Setup Manager is configuring your Mac…`, localized, substitutions)
(String, default: `Setup Manager is configuring your Mac…`, localized, substitutions, markdown)
The message shown below the title.
Example:
```
```xml
<key>message</key>
<string>Please wait a few moments while we install essential software…</string>
```
The message can use [substitutions](#substitutions).
The message can use [substitutions](#substitution).
Example:
```
```xml
<key>message</key>
<string>Preparing your new %model%. Please be patient.</string>
```
Markdown formatting options in the message field will be translated into rich text:
Example:
```xml
<key>message</key>
<string>Preparing your new %model%. **Please be patient.**</string>
```
`Please be patient.` will be bold. More detail on [Markdown here](#markdown).
#### `background`
(String, optional, localized)
(String, optional, localized, dark mode)
When this key is set, Setup Manager treats it as an image/[icon source](#icon-source) and displays the image in a screen covering background.
When this key is set, Setup Manager treats it as an image/[icon source](#icon-sources) and displays the image in a screen covering background.
#### `runAt`
(String, optional, deafult; `enrollment`)
(String, optional, default: `enrollment`)
This value determines when Setup Manager should launch. There are two values: `enrollment` (default) and `loginwindow`. When set to `enrollment` Setup Manager will launch immediately when the pkg is installed. This is the setting to use for automated device enrollment (without AutoAdvance) and user-initiated enrollment. When the `runAt` value is set to `loginwindow` Setup Manager will launch when the login window is shown. This is useful for fully automated enrollments with AutoAdvance. A setting of `loginwindow` will only with enrollment setups that eventually end on the login window (i.e. a user has to be created automatically or the device is bound to a directory).
**Beta:** We believe the run at login window feature may require more testing, especially in some edge cases. When, after thorough testing, you believe this works in your workflow, feel free to deploy it, and please let us know about your success or any issues you might encounter.
This value determines when Setup Manager should launch. There are two values: `enrollment` (default) and `loginwindow`. When set to `enrollment` Setup Manager will launch immediately when the pkg is installed. This is the setting to use for automated device enrollment (without Auto Advance) and user-initiated enrollment.
When the `runAt` value is set to `loginwindow` Setup Manager will launch only when the login window is shown. This is useful for fully automated enrollments using Auto Advance.
A setting of `loginwindow` will only work with enrollment setups that eventually end on the login window (i.e. a user has to be created automatically, the device is bound to a directory, etc).
Example:
```xml
<key>runAt</key>
<string>loginwindow</string>
```
#### `enrollmentActions`
@@ -87,28 +115,51 @@ When this key exists, Setup Manager will prompt for user data while the enrollme
(Dict of Strings, optional)
When this key exists, Setup Manager will show a "Help" button (a circled question mark) in the lower right corner while it is running. You can add subkeys with content for the help, which are described in [Help](#help). When Setup Manager has completed, the "Help" button will be replaced with the "Continue" and/or "Shutdown" button.
When this key exists, Setup Manager will show a "Help" button (a circled question mark) in the lower right corner while it is running. You can add sub-keys with content for the help, which are described in [Help](#help). When Setup Manager has completed, the "Help" button will be replaced with the "Continue" and/or "Shutdown" button.
#### `accentColor`
(String, optional, default: system blue)
(String or Dict, optional, default: system blue, dark mode)
When present sets the accent color for buttons, progress bar and other UI elements. You can use this to match branding. Color is encoded as a six digit hex code, i.e. `#FF0088`.
Sets the accent color for buttons, progress bar, SF Symbol icons, and other UI elements. You can use this to match branding. Color is encoded as a six digit hex code, e.g. `#FF0088`.
Example:
```xml
<key>accentColor</key>
<string>#FF00AA</string>
```
If you want different accent colors depending on whether the system is in light or dark mode, provide a `dict` with two keys, for `light` and `dark` mode:
Example:
```xml
<key>accentColor</key>
<dict>
<key>dark</key>
<string>#FF00AA</string>
<key>light</key>
<string>#AA0055</string>
</dict>
```
#### `finalCountdown`
(Number/integer, optional, default: `60`)
This key changes the duration (in seconds) of the "final countdown" before the app automatically quits. Set to `-1` (or any negative number) to disable automated continue.
This key changes the duration (in seconds) of the "final countdown" before the app automatically performs the `finalAction` (continue or shut down). Set to `-1` (or any negative number) to disable automated execution.
Examples:
Example:
```
```xml
<key>finalCountdown</key>
<integer>30</integer>
```
```
Disable the countdown:
```xml
<key>finalCountdown</key>
<integer>-1</integer>
```
@@ -117,30 +168,26 @@ Examples:
(String, optional, default: `continue`)
This key sets the action and label for the button shown when Setup Manger has completed. When this key is set to `shutdown` (no space!) it will shutdown the computer, other wise it will just quit Setup Manager ("continue"). This is also the action that is performed when the `finalCountdown` timer runs out.
This key sets the action and label for the button shown when Setup Manger has completed.
There are three options:
- `continue`: (default) merely quits Setup Manager and allows the user to continue (probably Setup Assistant or login window)
- `restart`: restarts the Mac
- `shut down`: (no space!) shuts down the Mac
**Warning:** `restart` and `shutdown` options will force their action immediately. If a user is logged in (after user-initiated enrollment), they may lose data from open, unsaved documents.
This is also the action that is performed when the `finalCountdown` timer runs out.
When the `DEBUG` preference is set, `shutdown` or `restart` will merely quit/continue.
Example:
```
```xml
<key>finalAction</key>
<string>shutdown</string>
```
#### `showBothButtons`
(Bool, optional default: `false`)
This key determines whether both the 'Shutdown' and 'Continue' are shown or just the button set in the `finalAction` key.
**Warning:** this key will be removed in a future version of Setup Manager
Example:
```
<key>showBothButtons</key>
<true/>
```
#### `totalDownloadBytes`
(Integer, opitonal, default: 1000000000 or 1GB, v0.8)
@@ -149,7 +196,7 @@ Use this value to provide an estimate for the total size of all items that will
Example:
```
```xml
<key>totalDownloadBytes</key>
<integer>4500000000</integer>
```
@@ -158,11 +205,11 @@ Example:
(String, Jamf Pro only)
Set this to `$JSSID` in the configuration profile and Setup Manager will be aware of its computer's id in Jamf Pro. It will be display in the 'About this Mac…' popup.
Set this to `$JSSID` in the configuration profile and Setup Manager will be aware of its computer's id in Jamf Pro. It will be displayed in the 'About this Mac…' popup, when clicked with the option key.
Example:
```
```xml
<key>jssID</key>
<string>$JSSID</string>
```
@@ -175,7 +222,7 @@ Set this to `$EMAIL` in the configuration profile. This communicates the user wh
Example:
```
```xml
<key>userID</key>
<string>$EMAIL</string>
```
@@ -184,13 +231,13 @@ Example:
(String, Jamf Pro only, substitutions)
When this key is set, Setup Manager will generate the computer name from this template and set it. When this key is present, a `computerName` dict or string in `userEntry` will be ignored.
When this key is set, Setup Manager will generate the computer name from this template and set it automatically. When this key is present, a `computerName` dict or string in `userEntry` will be ignored.
The template uses substitution tokens, which begin and end with `%` character which will be substituted with data at run time. See [Substitutions](#substitutions) for details.
The template uses substitution tokens, which begin and end with `%` character which will be substituted with data at run time. See [Substitutions](#substitution) for details.
Example:
```
```xml
<key>computerNameTemplate</key>
<string>Mac-%serial:=6%</string>
```
@@ -201,24 +248,33 @@ This will set the computer name to `Mac-DEF456` where `DEF456` are the center si
(String, optional)
When set, the "About this Mac" info window will show this value instead of the real serial number. This is useful when making screen shots or recordings for documentation or presentations where you do not want to expose real serial numbers.
When set, the "About this Mac" info window will show this value instead of the real serial number. This is useful when making screenshots or recordings for documentation or presentations where you do not want to expose real serial numbers.
Note: This is for display only. [Substitutions](#substitution) will still use the real serial number.
Example:
```xml
<key>overrideSerialNumber</key>
<string>ABC1DEFABC</string>
```
#### `hideActionLabels`
(Bool, default: `false`)
(Bool, optional, default: `false`)
Hides the individual labels under each action's icon.
Example:
```
```xml
<key>hideActionLabels</key>
<true/>
```
#### `hideDebugLabel`
(Bool, default: `false`)
(Bool, optional, default: `false`)
When set, suppresses display of the red 'DEBUG' label in debug mode. Useful for screenshots and recordings.
@@ -229,6 +285,11 @@ Example:
<true/>
```
#### `simulateMDM`
(String, optional)
When debug mode is enabled, you can set the `simulateMDM` preference key to `Jamf Pro` or `Jamf School`. This allows you to do test runs on un-enrolled Macs.
## Actions
@@ -242,9 +303,9 @@ The label is used as the name of the action in display.
#### `icon`
(String, optional, localized)
(String, optional, localized, dark mode)
The icon source string used for the display of the label. Different types of actions will have different default icons, which is used when no `icon` key is present.
The [icon source](#icon-sources) used for the display of the label. Different types of actions will have different default icons, which are used when no `icon` key is present. The icons will be scaled to fit 64x64 pixels (or 128x128 @2x).
There are several different types of actions, and these are defined by additional keys. These keys will be on the same level as the keys above.
@@ -266,11 +327,11 @@ When the command given in `shell` requires arguments they are listed here, one i
(Bool, default: `false`, optional)
When this key is set to `true` Setup Manager will only run this when itself is running as root. Otherwise it will fail the action. When `DEBUG` is enabled, it will replace the action with a delay instead.
When this key is set to `true`, Setup Manager will only run this when itself is running as root. Otherwise, it will fail the action. When `DEBUG` is enabled, it will replace the action with a delay instead.
Example:
```
```xml
<dict>
<key>label</key>
<string>Set Time Zone</string>
@@ -292,15 +353,19 @@ Example:
#### `policy`
(String)
(String, Jamf Pro only)
(Jamf Pro only)
This will run the Jamf Pro policy or polices with the given trigger name. This is the equivalent of running
This will run the jamf policy or polices with the given trigger name. This is the equivalent of running `jamf policy -event <triggername>`
```
jamf policy -event <triggername> -verbose -forceNoRecon -doNotRestart -noInteraction
```
Note: Jamf Pro policies can do a lot of different things and fail in many different ways. Setup Manager does _not_ check for all possible failure modes. It only checks for failed installer pkgs and policy scripts that return non-zero exit codes, which should cover most uses of policies for initial deployment.
Example:
```
```xml
<dict>
<key>label</key>
<string>BBEdit</string>
@@ -333,7 +398,7 @@ The action will fail after this timeout.
Example:
```
```xml
<dict>
<key>label</key>
<string>Jamf Protect</string>
@@ -341,12 +406,12 @@ Example:
<string>symbol:app.badge</string>
<key>watchPath</key>
<string>/Applications/JamfProtect.app</string>
<key>wait</key>
<key>timeout</key>
<integer>300</integer>
</dict>
```
Note: This is intended to check if app are installed from the Mac App Store or Jamf App Installers. In my experience, these methods are very unreliable, hence the timeout. Since you cannot anticipate the order in which these apps may be installed, it is best to put the `watchPath` actions at the end. For large installations (Xcode) you want to have a large timeout.
Note: This is intended to check if an app is installed from the Mac App Store or by Jamf App Installers. In my experience, these installation methods are quite unreliable during enrollment, hence the timeout. Since you cannot anticipate the order in which these apps may be installed, it is best to put the `watchPath` actions at the end. For large installations, such as Xcode, or Adobe apps, you want to set a large timeout.
### Wait
@@ -358,7 +423,7 @@ Wait for a given time. Use this to let the system catch up with previous install
Example:
```
```xml
<dict>
<key>label</key>
<string>Waiting…</string>
@@ -371,11 +436,11 @@ Example:
#### `waitForUserEntry`
(String, value is ignored)
(String, value is ignored, Jamf Pro only)
When Setup Manager reaches this action before the user entry has been completed, it will wait until the user entry is completed and the user has clicked 'Save.'
If Setup Manager reaches this action before the user entry has been completed, it will wait until the user entry is completed and the user has clicked 'Save.'
When the user entry is saved, this action will set the computer name, according to the `computerNameTemplate` or what was entered by the user and run a recon/Update Inventory which submits the user data.
When the user entry is saved and this action is reached, it will set the computer name, according to the `computerNameTemplate` or what was entered by the user and run a recon/Update Inventory which submits the user data. It will also save the data from the user entry to the [user data file](Docs/Extras.md#user-data-file).
This action allows for "two phase" installation workflows where the policies in the second phase are scoped to data from the user entry. After this action, smart groups in Jamf Pro should reflect the data entered and you can use scoping in subsequent policies to choose which policies should or should not run on this device.
@@ -384,7 +449,7 @@ Regardless of whether there is a `waitForUserEntry` action or not, Setup Manager
```xml
<dict>
<key>label</key>
<string>Wait for User Entry</string>
<string>Submit User Entry</string>
<key>waitForUserEntry</key>
<string/>
</dict>
@@ -398,11 +463,11 @@ Regardless of whether there is a `waitForUserEntry` action or not, Setup Manager
This will run a Jamf Inventory update.
You should usually not need to add a recon step. By default Setup Manager will automatically run an inventory update before and after running the enrollment actions.
This action exists mainly for troubleshooting. You should generally not need to add a recon step. By default, Setup Manager will automatically run an inventory update before and after running the enrollment actions. If you have a `waitForUserEntry` action configured, this will also run a recon/inventory update.
Example:
```
```xml
<dict>
<key>recon</key>
<string/>
@@ -429,7 +494,7 @@ List of additional arguments passed into Installomator.
Example:
```
```xml
<dict>
<key>label</key>
<string>Google Chrome</string>
@@ -443,13 +508,13 @@ Example:
## Icon Sources
Icons can be defined in several ways in Setup Manager. These different approaches for the top-level `icon` and `background` key, as well as the `icon` key in an action.
Icons (which include the top-level `icon`, the `background` and the `icon`s in individual actions) can be defined in several ways in Setup Manager.
### From the web
When the icon source string starts with `http` or `https`, Setup Manager will attempt to download a file from that URL and interpret it as an image file. It will show a spinning progress view while downloading.
```
```xml
<key>icon</key>
<string>https://example.com/path/to/icon.png</string>
```
@@ -458,16 +523,20 @@ When the icon source string starts with `http` or `https`, Setup Manager will at
When the icon source is an absolute file path, Setup Manager will attempt to read that file as an image file and display it.
```
```xml
<key>icon</key>
<string>/Library/Organization/image.png</string>
```
You will need to install custom local image files _before_ Setup Manager runs.
With Jamf Pro, you can achieve that by adding another pkg to the Prestage. Since the Prestage installs pkgs in alphabetical order, this branding pkg should be named to be alphabetically _before_ "Setup Manager."
### Application:
When the icon source is an absolute file path that ends in `.app`, Setup Manager will get the icon from that app.
```
```xml
<key>icon</key>
<string>/System/Applications/App Store.app</string>
```
@@ -476,27 +545,53 @@ When the icon source is an absolute file path that ends in `.app`, Setup Manager
When the icon source starts with `name:`, Setup Manager will get the icon with that name. Two names are useful: `AppIcon` gets Setup Manager's app icon and `NSComputer` will get an icon representing the current hardware.
```
```xml
<key>icon</key>
<string>name:AppIcon</string>
```
### SF Symbols:
When the icon source starts with `symbol:`, Setup Manager will create the icon using that symbols name. You can look up symbol names using the [SF Symbols](https://developer.apple.com/sf-symbols/) app.
When the icon source starts with `symbol:`, Setup Manager will create the icon using that symbol's name. You can look up symbol names using the [SF Symbols](https://developer.apple.com/sf-symbols/) app.
Note that the availability of SF Symbols will vary with the OS version and that some SF Symbols may look different in different localizations.
Note that the availability and appearance of SF Symbols may vary with the OS version and language/region.
```
```xml
<key>icon</key>
<string>symbol:clock</string>
```
### Dark Mode
Note: after enrollment, over Setup Assistant, the system is always in light mode. This is only relevant when you use Setup Manager after user-initiated enrollment
To provide alternative images for dark or light mode, change the `string` defining the image to a dictionary with a `dark` and a `light` key. This works with the `background`, `icon`, and each action's `icon`. This also works with the `accentColor` key.
Note that Setup Manager does _not_ monitor the appearance mode, so if it changes _while_ Setup Manager is running, things will not update consistently.
Example:
```xml
<key>icon</key>
<dict>
<key>dark</key>
<string>name:Jamf_white</string>
<key>light</key>
<string>name:Jamf_blue</string>
</dict>
```
## User Entry
You can enable user entry for the following keys:
- `userID`
- `email`
- `endUsername` (shown as 'Account Name')
- `realname` (shown as 'Full Name')
- `position`
- `phone`
- `department`
- `building`
- `room`
@@ -505,19 +600,22 @@ You can enable user entry for the following keys:
Any of the fields will only be shown when its key exists. If you were to create an empty `userEntry` dict, you get an empty user input screen with a 'Save' button - not a good user experience.
`userID` and `email` can be somewhat confusing and depending on which Cloud directory you have configured in Jamf Pro, you may need one or the other or both. Because of this Setup Manager 1.1 and older would only prompt for 'User email' and set both `userID` and `email` from that value. To maintain compatibility with this behavior, Setup Manager will continue to set _both_ `userID` and `email` when only one of the two values is requested and entered. If you request both fields, both will be set individually in the recon.
### User Data file
Data from user entry is written, together with some other data to a file when Setup Manager reaches a `waitForUserEntry` action and again when it finishes. The file is stored at `/private/var/db/SetupManagerUserData.txt`. [More details.](Extras.md#user-data-file)
Data from user entry is written, together with some other data to a file when Setup Manager reaches a `waitForUserEntry` action and again when it finishes. The file is stored at `/private/var/db/SetupManagerUserData.txt`. [More details.](Docs/Extras.md#user-data-file)
#### `default`
(String, localized)
You provide a default value in two ways:
Provide a default value in one of two ways:
Example:
```
```xml
<key>computerName</key>
<string>Mac-12345</string>
```
@@ -528,7 +626,7 @@ When you want to configure other options of the field, you need to use the `dict
Example:
```
```xml
<key>computerName</key>
<dict>
<key>default</key>
@@ -545,7 +643,7 @@ Example:
This will show the string value given as a greyed out placeholder in the empty text field.
```
```xml
<key>assetTag</key>
<dict>
<key>placeholder</key>
@@ -561,7 +659,7 @@ Note: a `default` value will prevent the placeholder from appearing, unless the
This will show a popup list of preset options:
```
```xml
<key>department</key>
<dict>
<key>options</key>
@@ -594,7 +692,7 @@ Detailed description of the regular expression syntax: [NSRegularExpression](htt
Example:
```
```xml
<key>userID</key>
<dict>
<key>placeholder</key>
@@ -608,9 +706,9 @@ Example:
(String, optional, localized)
The default validation message will show the regular expression the value is not matching. This is suitable for debugging but not at all user friendly. You really should provide a localized message explaining how the value can conform.
The default validation message will show the regular expression the value is not matching. This is suitable for debugging but not at all user friendly. You really should provide a localized message explaining how the entry should conform.
```
```xml
<key>assetTag</key>
<dict>
<key>placeholder</key>
@@ -631,11 +729,37 @@ The default validation message will show the regular expression the value is not
</dict>
```
#### `label`
(String, localized, optional)
Many Jamf Pro admins use the standard fields in ways that don't match their built-in label. For this purpose you can override the default label shown for a field in the user entry.
Note that the text label in the [User Data file](Docs/Extras.md#user-data-file) will _not_ be changed.
Example:
```xml
<key>room</key>
<dict>
<key>label</key>
<string>Site</string>
<key>options</key>
<array>
<string>London</string>
<string>Paris</string>
<string>Amsterdam</string>
</array>
</dict>
```
In this example, the 'Room' field will be shown in Setup Manager with the label 'Site.' The choice will be submitted to the 'room' field in Jamf Pro inventory and written with the 'room' label to the [User data file](Docs/Extras.md#user-data-file). You can then pick up the data in policy scripts after Setup Manager is finished or the `waitForUserEntry` action and process it accordingly.
### Conditionally show the user entry for certain users
You can configure Setup Manager to only show the user entry section when specified users have authentication in enrollment customization. This enables workflows, where certain users (techs and admins) gets the option to re-assign the device to another user, but other users don't see the option.
You can configure Setup Manager to only show the user entry section when specified users have authenticated in enrollment customization. This enables workflows, where certain users (techs and admins) get the option to re-assign the device to another user, but other users don't see the option.
For this, you need to setup the top-level `userID` to receive the `$EMAIL` variable. This will communicate the user who logged in with customized enrollment back into Setup Manager. Then you add key `showForUserIDs` with an array of user emails to the `userEntry` dict. When both `userID` and `userEntry.showForUserIDs` are set, the user entry UI will only show for the listed users.
For this, you need to setup the top-level `userID` to receive the `$EMAIL` variable. This will communicate to SetupManager the user who logged in with customized enrollment. Then you add key `showForUserIDs` with an array of user emails to the `userEntry` dict. When both `userID` and `userEntry.showForUserIDs` are set, the user entry UI will only show for the listed users.
#### `showForUserIDs`
@@ -643,7 +767,7 @@ For this, you need to setup the top-level `userID` to receive the `$EMAIL` varia
Example:
```
```xml
<key>userEntry</key>
<dict>
<key>showForUserIDs</key>
@@ -666,7 +790,7 @@ Example:
## Help
When you provide a top-level `help` key with a dictionary a help button (with a circled question mark) will be shown in the lower right corner. When you click on the help button a window with information will be shown. You can set the information with the following keys in the `help` dictionary.
When you provide a top-level `help` key with a dictionary a help button (with a circled question mark) will be shown in the lower right corner (for left-to-right localizations). When you click on the help button a window with information will be shown. You can set the information with the following keys in the `help` dictionary.
#### `title`
@@ -674,17 +798,17 @@ When you provide a top-level `help` key with a dictionary a help button (with a
#### `message`
(String, optional, localized)
(String, optional, localized, markdown)
#### `url`:
(String, optional, localized)
The contents of the `url` key will be translated into a QR code and displayed next to the help message. This allows for end users to follow a link to more information on their devices while the Mac is performing installations.
The contents of the `url` key will be translated into a QR code and displayed next to the help message. This allows for end users to follow a link to more information on another device while the Mac is performing installations.
Example:
```
```xml
<key>help</key>
<dict>
<key>message</key>
@@ -696,26 +820,30 @@ Example:
</dict>
```
## Webhooks
Setup Manager can send web hooks to servers and services to trigger workflows there. You can read [details on how to configure and use WebHooks here](Docs/Webhooks.md).
## Localization
The app will pick up the user choice of the UI language for the interface elements. Right now it supports English, French, German, Italian, Spanish, and Dutch. The app will fall back to English for other language choices.
The app will pick up the user choice of the UI language for the interface elements. (Table of currently available languages below.) The app will fall back to English for other language choices.
You can provide localizations for the texts given in the configuration profile.
You can provide localizations for the custom texts given in the configuration profile.
**Note:** the method for providing localized texts in the configuration profile changed in version 1.1. The previous method will continue to work for the time being. Going forward, it is _strongly_ recommended to change to the new dictionary-based solution.
**Deprecation notice:** the method for providing localized texts in the configuration profile changed in version 1.1. The previous method (by appending the two letter language code to the key) is considered deprecated. It will continue to work for the time being but will be removed in a future release. It is _strongly_ recommended to change to the new dictionary-based solution.
To provide a set of localizations for a value in the profile, change its type from `string` to `dict`. Inside the `dict`, provide a value for each localization for each localization with the language code as key.
For example, this unlocalized key-value pair
```
```xml
<key>title</key>
<string>Welcome!</string>
```
is localized like this:
can be localized like this:
```
```xml
<key>title</key>
<dict>
<key>en</key>
@@ -750,6 +878,7 @@ The following keys can be localized:
- `default`
- `placeholder`
- `validationMessage`
- `label`
### Help
@@ -766,21 +895,28 @@ Use these two-letter codes for these languages:
| French | fr |
| German | de |
| Italian | it |
| Hebrew | he |
| Norwegian | nb |
| Spanish | es |
| Swedish | sv |
The [plist and profile example files](Examples) contain localizations for many of the custom text elements.
## Substitution
Certain keys, such as `computerNameTemplate` can use tokens, which begin and end with `%` character. The tokens will be substituted with data from the device or from user entry. For example, in the template `Mac-%serial%` the `%serial%` token will be replaced with the computer's serial number. (A double `%%` will be substituted with a single `%`, in case you need to represent this symbol in the computer name.)
Certain keys, such as `computerNameTemplate` can use tokens, which begin and end with `%` character. The tokens will be substituted with data from the device or user entry.
For example, in the template `Mac-%serial%` the `%serial%` token will be replaced with the computer's serial number.
A double `%%` will be substituted with a single `%`, in case you need to represent this symbol.
The following tokens are available:
- `serial`: the computer's serial number
- `udid`: the computer's provisioning udid
- `udid`: the computer's provisioning universal device identifier
- `model`: the computer's model name, e.g. `MacBook Air` or `Mac mini`
- `model-short`: the first word of `model` (no spaces), i.e. `MacBook`, `Mac` or `iMac`
- these values from user entry, _after_ user entry has completed
- these values from user entry, _after_ user entry has completed (see [`waitForUserEntry`](#waitForUserEntry))
- `email`
- `assetTag`
- `building`
@@ -798,3 +934,20 @@ These keys can use substitutions:
- `computerNameTemplate`
- actions: `label`
## Markdown
In some fields, markdown formatting can be used to generate rich, formatted text. For example:
```xml
<key>message</key>
<string>Preparing your new Mac. **Please be patient.**</string>
```
The `Please be patient.` text will be shown bolded. You can find details on markdown formatting in the [Markdown Cheat Sheet](https://www.markdownguide.org/cheat-sheet/).
Note that while you _can_ embed links to websites in the markdown using the `[…](…)` syntax they will not work while running over Setup Assistant or Login Window.
These keys can use markdown:
- `message`
- Help: `message`

48
Docs/Extras.md
View File

@@ -11,11 +11,15 @@
- for the Variant, select Setup Manager.json
- fill in your fields!
The custom schema does not contain all keys and options available in the [configuration profile](../ConfigurationProfile.md). Specifically, the `wait` action and the option to [localize values](../ConfigurationProfile.md#localization) are not available.
When you reach the limits of the custom schema, use the XML it generates as a starting to building a custom XML.
Note that the custom schema can become confused when you switch between enrollment action types and you will need to clean up extra empty fields.
## Quit
The command-Q keyboard short cut to quit the app is disabled. You can use shift-control-command-E instead. This should only be used when debugging as it may leave the client in an undetermined state when installations are aborted.
The command-Q keyboard shortcut to quit the app is disabled. Use `shift-control-command-E` instead. This should only be used when debugging and troubleshooting, as it will leave the client in an undetermined state when installations are aborted.
## Logging
@@ -23,13 +27,20 @@ Setup Manager logs to `/Library/Logs/Setup Manager.log`. While Setup Manager is
## Debug mode
When you set the `DEBUG` key to `true` in the profile or locally with the `defaults` command Setup Manager will not perform any tasks that actually perform installations or otherwise change the system.
When you set the `DEBUG` key to `true` in the profile or locally with the `defaults` command Setup Manager will not perform any tasks that actually perform installations or otherwise change the system. When in DEBUG mode, Setup Manager will also read settings from the local settings (i.e. `~/Library/Preferences/com.jamf.setupmanager.plist`) which simplifies iterating through different settings. If you want to run Setup Manager on an unmanaged Mac, you may need to provide a `simulateMDM` key with a value of either `Jamf Pro` or `Jamf School`.
You may also need to remember to remove the [flag file](#flag-file) before launching Setup Manager.
You will also be able launch the app as the user, by double-clicking the app in `/Applications/Utilities`. This is useful to test the look and feel of your custom icons, text and localization. When you use this to create screen shots for documentation, also note the `overrideSerialNumber` and `hideDebugLabel` keys.
For testing, you can also re-launch Setup Manager from the command line as root with `sudo "/Applications/Utilities/Setup Manager.app/Contents/MacOS/Setup Manager"`
## Flag file
Setup Manager creates a flag file at `/private/var/db/.JamfSetupEnrollmentDone` when it finishes. If this file exists when Setup Manager launches, the app will terminate immediately and without taking any action. You can use this flag file in an extension attribute in Jamf to determine whether the enrollment steps were performed. (Setup Manager does not care if the actions were performed successfully.)
Setup Manager creates a flag file at `/private/var/db/.JamfSetupEnrollmentDone` when it finishes.
If this file exists when Setup Manager launches, the app will terminate immediately without taking any action. You can use this flag file in an extension attribute in Jamf to determine whether the enrollment steps were performed. (Setup Manager does not care if the actions were performed successfully.)
When `DEBUG` is set to `true` in the defaults/configuration profile, the flag file is ignored at launch, but may still be created when done.
@@ -62,19 +73,38 @@ computerName: MacBook-M7WGMK
submit: 2024-08-14T13:54:37Z
duration: 101
```
Start time (`start`) and finish/submission time (`submit`) are given in ISO8601 format, universal time (UTC). Duration is given in seconds.
Start time (`start`) and finish/submission time (`submit`) are given in ISO8601 format, universal time (UTC).
Fields that were not set in user entry will not be shown at all. You can use this file in scripts or extension attributes. One possible way is to parse it with `awk`, e.g.
Fields that were not set in user entry will not be shown at all. You can use this file in scripts or extension attributes. The easiest way would be to parse it with `awk`, e.g.
```
```xml
duration=$(awk -F ': ' '/duration: / {print $2}' /private/var/db/SetupManagerUserData.txt)
```
## Final action and shutdown
Starting with Setup Manager 1.2, the User Data file contains a list of actions with their status:
When the app is not running as root (for testing or from Xcode) or when the `DEBUG` preference is set, shutdown will merely quit.
```
enrollmentActions:
-action 0: finished - Microsoft 365
-action 1: finished - Google Chrome
-action 2: finished - Jamf Connect
```
The status can be `finished` or `failed`.
## "About This Mac…" window
When you hold the option key when clicking on "About This Mac…" you will see more information.
## Scannable Serial Number Barcode
Hitting the space bar while Setup Manager is the Active window will open a window with a scannable barcode of the serial number. Hitting the space bar again will dismiss the window.
Note that Setup Manager does not automatically get Key Window when it launches, while running over Setup Assistant, so you may have to click in the Setup Manager window, before hitting the space bar.
## Uninstall Setup Manager
Setup Manager will unload and remove its LaunchAgent and LauchDaemon files upon successful completion. That together with the [flag file](#flag-file) should prevent Setup Manager from launching on future reboots.
If you still want to remove Setup Manager after successful enrollment, there is [a sample uninstaller script in the Examples folder](../Examples/uninstall.sh).

31
Docs/FAQ.md
View File

@@ -1,6 +1,6 @@
# Frequently Asked Questions
## Is there are custom JSON Schema for Jamf Pro?
## Is there a custom JSON Schema for Jamf Pro?
[Yes.](Extras.md#custom-json-schema-for-jamf-pro)
@@ -14,22 +14,41 @@ There can be many causes for this. A few common causes are:
- Jamf Pro: check that Setup Manager is added to your prestage and the package does not have the label "Availability pending" in Settings> Packages
- Jamf Pro: do not install JamfConnect.pkg in prestage when you want to use Setup Manager. Install JamfConnect with Setup Manager instead
- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services or 'Choose your Look' are common choices, that you generally want to leave up the user anyway. Otherwise Setup Assistant may quit before Setup Manager can launch and do its actions.
- you need at least one of the 'Setup Assistant Options' in the prestage to be set to _not_ skip. Location Services or 'Choose your Look' are common choices that you generally want to leave up the user anyway. Otherwise, Setup Assistant may quit before Setup Manager can launch and do its actions.
## Does Setup Manager require Jamf Connect
No.
Setup Manager will run fine without Jamf Connect. You can even build 'single-touch' style workflows with Setup Manager withough Jamf Connect. Some features, such as pre-assigning a device to a specific user require Jamf Connect, though.
Setup Manager will run fine without Jamf Connect. You can even build 'single-touch' style workflows with Setup Manager without Jamf Connect. Some features, such as pre-assigning a device to a specific user require Jamf Connect, though.
## How can I use the icon for an app before the app is installed?
- preinstall icon files with a custom package installer in prestage. Set the priority of the media/branding package lower than that for Setup Manager, or give the branding/media package a name that is alphabetically earlier than Setup Manager, so it installs before Setup Manager
- use http(s) urls to the image files
- you can host them on a web server/service that you have control over
- you can add the icon as an icon for a self service policy in Jamf and then copy the url to the icon once uploaded
- you can add the icon as an icon for a Self Service policy in Jamf and then copy the url to the icon once uploaded
## What is happening during the "Getting Ready" steps?
## What is happening during "Getting Ready" and "Finishing"?
During the "Getting Ready" phase, Setup Manager is waiting for the enrollment configuration to be complete. The steps taken during these phases depend on the version of Setup Manager and the management system.
When enrolled into Jamf Pro, Setup Manager runs (among other things) a recon/Update Inventory during "Getting Ready" and "Finishing." This will make up most of the time in these phases.
You can open the log window (command-L) or review the [log file](Extras.md#logging) for detail for each step. Should Setup Manager stall during one of these steps, you can [quit](Extras.md#quit) out of Setup Manager and review the [log file](Extras.md#logging) after completing the setup.
## Can I set the wallpaper/desktop picture or dock with Setup Manager?
The settings for the dock and wallpaper/desktop picture are _user_ settings. Since the user account usually does not yet exist when Setup Manager runs, you cannot affect those settings.
What you can do is run a script at login which sets the desktop (using [desktoppr](https://github.com/scriptingosx/desktoppr) ) or the dock (using [dockutil](https://github.com/kcrawford/dockutil) or a similar tool). You can use the Jamf Pro login trigger for this, or create a custom LaunchAgent or use [outset](https://github.com/macadmins/outset/)
## Can Setup Manager run at first login, rather than right after enrollment?
Technically, yes.
With Jamf Pro, you can set the Setup Manager pkg to install at the `login` trigger or manually from Self Service. Then it will launch within the user session.
This is not, however, the primary workflow for Setup Manager and not something that we will test or verify. We believe running right after enrollment over Setup Assistant is the preferable deployment.
During the "Getting Ready" phase, Setup Manager is waiting for the Jamf Pro configuration to be complete, and runs a recon, so that policies during the enrollment phase can already be scoped. You cannot change the steps in this phase. You can see the details and possibly failures in the Setup Manager log.

35
Docs/JamfPro-LoginWindow.md Normal file
View File

@@ -0,0 +1,35 @@
# Jamf Pro: Run Setup Manager at Login Window
**Beta** _We believe the run at login window feature may require more testing, especially in some edge cases. When, after thorough testing, you believe this works in your workflow, feel free to deploy it, and please let us know about success or any issues you might encounter._
By default, Setup Manager launches as soon as the installation completes. You can defer launching Setup Manager to launch when the macOS Login Window appears, instead.
When the `runAt` key in the profile is set to `loginwindow`, Setup Manager will not launch immediately after installation but when Login Window appears. In combination with the 'AutoAdvance' feature for automated device enrollment, this allows for completely 'hands-off' enrollment and configuration workflows.
However, this requires the enrollment workflow to be configured so that it will eventually end at Login Window, usually by connecting the Mac to a directory service.
## Prestage configuration
- Create or clone a new prestage to run Setup Manager at Login Window.
- Under 'General', under 'Setup Assistant', enable 'Automatically advance through Setup Assistant'. Select the language and region you want to assign to the Macs.
- Select all options to be skipped.
- Under 'Account Settings' choose to create a managed local administrator, configure the user name, password and other options.
- In 'Local User Account Type', select 'Skip Account Creation'
- Under 'Configuration Profiles', select the Setup Manager configuration profile. In that profile, set the [`runAt` key](../ConfigurationProfile.md#runAt) to `loginwindow`.
- Upload the Setup Manager installation pkg from the [Releases](https://github.com/jamf-concepts/setup-manager/releases) section to Jamf Pro and add it to the 'Enrollment Packages' section. Ensure you have selected 'Cloud Distribution Point' as the distribution point or setup the manifest for an on-premise deployment.
## Bind to directory
You will likely need to bind the Mac to a directory service to allow for user login after successful deployment. This can be triggered by a policy as an Setup Manager action.
## Auto Advance
The Apple feature to automatically advance through the Setup Assistant screens has a few requirements. The Mac has to be registered in Apple Business Manager or Apple School Manager and assigned to the MDM servier. It also has to be connected with ethernet to a network that can reach the MDM server, all Apple services and other internal services you might configure during enrollment (e.g. directory or IdP server).
Auto Advance doesn't 'kick in' until after Voiceover has introduced itself and if you ever touch any of the controls, AutoAdvance will stop and you have to continue manually.

11
Docs/JamfPro-QuickStart.md
View File

@@ -52,7 +52,7 @@ You can add more actions here. There are more types of actions available, you ca
- Add the Setup Manager pkg and the configuration profile to the Prestage
- if you have JamfConnect.pkg in the Prestage, remove it. You can later add an action to install JamfConnect using Setup Manager.
- ensure that 'Automatically advance through Setup Assitant' is _disabled_
- Have at least one option _disabled_ (so that _is_ displayed)
- Have at least one Setup Assistant option _disabled_ (so that _is_ displayed)
- ensure your test Mac(s) is (are) assigned to the Prestage
## Wipe the Test Mac
@@ -64,8 +64,7 @@ You can add more actions here. There are more types of actions available, you ca
## Next Steps
- add more actions to Setup Manager, you can use more Jamf Pro policies, Installomator labels, or shell actions
- add a computer name template key to the profile to automate computer naming
- add a `help` section to let the user know what is going on
- ideally automated deployments shouldn't require manual entry, but if necessary, you can configure a user entry section in the profile
- add more [actions](../ConfigurationProfile.md#actions) to Setup Manager, you can use more Jamf Pro policies, Installomator labels, or shell actions
- automate computer naming with a [computer name template key](../ConfigurationProfile.md#computerNameTemplate)
- add [a `help` section](../ConfigurationProfile.md#help) to let the user know what is going on
- ideally automated deployments shouldn't require manual entry, but if necessary, you can configure a [user entry](../ConfigurationProfile.md#user-entry) section in the profile

1
Docs/JamfPro-TwoPhase.md
View File

@@ -47,7 +47,6 @@ Setup Manager also saves the data from user entry in a plain text file which you
<string>symbol:plus.app</string>
<key>label</key>
<string>Extra Apps for %department%</string>
</dict>
<key>policy</key>
<string>install_extra_apps</string>
</dict>

6
Docs/JamfProConnect-SingleTouch.md
View File

@@ -16,7 +16,9 @@ You can use a combination of Jamf Pro, Setup Manager and Jamf Connector, to get
Customized Enrollment with SSO is not _required_ for this workflow. The assignment to the final user is set from the email entered in Setup Manager. Nevertheless, customized enrollment with SSO is useful in this context since restricts Mac enrollment to a group of authorized accounts.
You should have Jamf Pro and Jamf Connect configured with the required SSO integrations and thoroughly tested before configuring this workflow.
You should have Jamf Pro and Jamf Connect configured with the required SSO integrations and thoroughly tested before configuring this workflow.
Verify that "Collect User and Location information from Directory Service" is **enabled** in Settings > Computer management > Inventory collection.
## Configure Setup Manager
@@ -86,6 +88,8 @@ Then create a Smart Group named "Setup Manager Done" with the criteria `"Setup M
## Pre-set user for Jamf Connect
Note: this step only works with Entra ID as the Identity Provider.
Jamf Connect Login allows pre-configuring the user. Create a configuration profile named "Jamf Connect Enrollment User" to the preference domain `com.jamf.connect.login` with the following property list:
```xml

180
Docs/JamfSchool-Setup.md
View File

@@ -1,166 +1,64 @@
# Installation and Configuration: Jamf School
# Jamf School: Setup Manager Quick Start
## Selecting Deployment Method
### Upload Setup Manager Package
Jamf Setup Manager can be deployed to run at two different points during a device deployment. Right after enrollment (the default) and at login window. You must select which method is appropriate for your deployment before configuring the Jamf Setup Manager Workflow in Jamf School
Download the latest version of the Setup Manager installation pkg from the [releases page](https://github.com/Jamf-Concepts/Setup-Manager/releases)
### At Enrollment (Default)
Once you have the pkg it needs to be uploaded to Jamf School as an `In House macOS app` and can be done by logging into Jamf School and Navigating to
Jamf Setup Managers default deployment action is to run at `Setup Assistant`.
* **Apps** -> **Inventory** -> **click on + Add App**
* Click **Add In-House macOS Package**
* Navigate to the downloaded Jamf Setup Manager Package and drag into the window
* Once uploaded click **Save** (no need to scope anything at this point)
Setup Manager will appear and during `Setup Assistant` allowing the user to continue to configure `Setup Assistant` after Setup Manager has completed its tasks.
_**This method is recomended for 1:1 environments**_
### Prepare Jamf School In House macOS Apps, VPP Apps and Configurations
Example
> You deploy 1:1 MacBooks, want to ensure that critical software installed prior to the user working on the device but also require the user to configure TouchID and create a user account during the onboarding.
Setup Manager can "watch" for items in a particular file path on the volume. This is a great way to check if an app installed via VPP or In House macOS Apps (custom packages) are installed before moving on to the next action.
> The user will connect the MacBook to the network and enroll into MDM. After a short delay Setup Manger will run and complete its tasks and install critical software
If you intend to "watch" for an item in your Setup Manager workflow ensure to scope the app(s) in the convential way.
> Once complete the user will be released back to Setup Assistant where they will be able to use the Setup Assistant panes to configure TouchID and create a user
Other apps (that are not being monitored through Setup Manager) and profile configurations should be scoped to the target devices in the convential way
*How you scope these addtional items will depend on your deployment but as an example this could be done through the App Inventory menu or via a smart / static group.*
### Create the Setup Manager Configuration Profile
With this default method you will require an Automated Device Enrollment Profile configured with
There are many actions and configurable items available for Setup Manager, which are well [documented here](https://github.com/Jamf-Concepts/Setup-Manager/blob/main/ConfigurationProfile.md).
- At least one setup assistant pane configured
- *“Wait for the configuration to be applied before continuing the Setup Assistant”* box checked
- An admin account should be configured as required
- Other ADE profile setting should be set as required
- _**Do Not**_ select `Auto Advance`
*Its worth noting that there are a number of actions that can be performed that are only available for Jamf Pro, these are clearly stated in the documentation.*
> If the user skips through all of the Setup Assistant panes before Setup Manager launches or Auto Advance is selected. and the device lands on the login screen, Setup Manager will not launch
To help you get started on creating a Configuration Profile, there is a [sample profile](https://github.com/Jamf-Concepts/Setup-Manager/blob/main/Examples/sample-jamfschool.mobileconfig).
This sample profile can then be edited using a text editor tool such as [BBEdit](https://www.barebones.com/products/bbedit/) or a tool specifically for editing plists and profiles, such as [PlistEdit Pro](https://www.fatcatsoftware.com/plisteditpro/).
### At Login Window
If you'd prefer to not edit in text format [iMazing Profile Editor](https://imazing.com/profile-editor) now has a community created payload spefically for Setup Manager which enables you to create a profile in a more user friendly GUI
Jamf Setup Manager can be configured to run at `Login Window`.
Once you have a configuration profile with the desired actions it should be uploaded to Jamf School. Navigate to
Setup Manager will appear once the device has ran through `Setup Assistant` and is waiting at the login screen and run through its tasks. Releasing back to the login window once complete.
* **Profiles** -> **Overview** -> click **+Create Profile**
* Click **Upload Custom Profile** -> Find the configuration profile on your system and drag to the window
* Click **Next**
* Give the profile and name and description -> click **Next**
* Click **Finish**
* Click **Save** (no need to scope anything at this point)
_**This method is recommended for lab environment**_
### Automated Device Enrolment Profile & Scoping
Example
> You are deploying a lab of iMacs ready for the new academic year. You wish to connect iMacs to the network with ethernet, power on and leave the devices to enroll and build while you complete other tasks.
Create a new ADE profile by Navigating to
> After configuring an ADE profile with Auto Advance an iMac will enroll into Jamf School and move through Setup Assistant without any user interaction. Once at the login Window Setup Manager will run and complete its tasks.
* **Profiles** -> **Automated Device Enrolment Profiles** -> click **+macOS**
* Fill out the profile as required for your deployment but **DO NOT** check the *Enable Zero-Touch Setup* box
* Click **Add** under profiles and select your *Jamf Setup Manager Configuration Profile* from the drop down menu
* Click **Add** under packages and select the *Jamf Setup Manager package* from the drop down menu
* Click **Save**
> Once Setup Manager is complete the build is complete
Finally scope the ADE profile to the required devices
### Wipe The Test Mac
To run Setup Manager at `Login Window` you will require
* On the test mac, choose `Erase all Contents and Settings` in the Settings app or wipe the Mac using the `Erase Device` remote management command in Jamf Pro
* Click through the initial enrollment dialogs. After you approve the enrollment in your MDM, Setup Manger should appear and perform the actions you configured
* While the installations are progressing, click on "About this Mac…" for information, click again while holding down the option key for even more information
* Hit `command-L` for a log window. You can also find this log info later at `/Library/Logs/Setup Manager.log`
1. A Setup Manager Profile with the key `runAt` and `String Value` of `loginwindow`
2. An Automated Device Enrollment Profile configured with
- An admin account
- `Auto Advance` configured
- Other ADE profile setting should be set as required
---
## Jamf Setup Manager Workflow Requirements
In order to configure the workflow in Jamf School you will need
- A Jamf Setup Manager Configuration Profile (customized for your deployment, example profile below) uploaded to Jamf School
- Jamf Setup Manager package installer (available from Jamf Concepts) uploaded to Jamf School
- An Automated Device Enrollment Profile with the correct settings for your chosen deployment method (`default` or `LoginWindow`)
---
**Step 1: Configuration Profile**
Create a Payload-less Profile for Smart Group Targeting
- Navigate to profiles and create a new macOS Profile
- Name it *“Jamf Setup Manager Installed”*
- Do not scope the profile and do not configure any payloads. Simply save the profile
---
**Step 2: Smart Group for Setup Manger Config Profile**
Create a Smart Group to target your required Macs
- Navigate to `Devices → Device Groups` and create a new group. Ensure you select `Smart Group`
- Name the Group *“Jamf Setup Manager Profile”* skip all other panes until members
- In members select `Automated Device Enrollment Profile` `equals` and then select the ADE profile that you created as part of the requirements step. This will target any and all devices that enrol using that ADE profile
> If you only want to select a subset of macOS devices, for example Lab Mac devices and not 1:1 devices, configure this group to target additional critera the desired devices in your environment will have
- `Save` Scope
- Next in the `Profiles` tab add the Jamf Setup Manager Configuration Profile that you uploaded to Jamf School
---
**Step 3: Smart Group to install Setup Manager**
Create a Smart Group to target devices with Jamf Setup Manager Profile Installed to deploy the Setup Manager pkg
- Navigate to `Devices``Device Groups` and create a new group. Ensure you select `Smart Group`
- Name the Group *“Install Jamf Setup Manager”*, skip all other panes until members
- In members select `Managed Profile (Installed)` `equals` and then select the Jamf Setup Manager Configuration Profile that you uploaded to Jamf School
- `Save` Scope
- Next in the `Apps` tab add the Jamf Setup Manager pkg and in the `Profiles` tab select the *“Jamf Setup Manager Installed”* profile you created in Step 1
> If you named your profile in step 1 something different, be sure to select that profile in this step
---
**Step 4: Smart Group for all other apps and configurations**
Create a Smart Group to target devices with the “Jamf Setup Manager Installed” profile installed and deploy the rest of the profile and apps
- Navigate to `Devices``Device Groups` and create a new group. Ensure you select `Smart Group`
- Name the group *“macOS Management & Apps”*, skip all other panes until members
In members select `Managed Profile (Installed)` `equals` and then select *"Jamf Setup Manager Installed"* profile that you created in Step 1
> If you named your profile in step 1 something different, be sure to select that profile in this step
- Next in the `Apps` tab add any apps or packages that will not be installed via Installomator as part of the Jamf Setup Workflow and in the `Profiles` tab any any and all config needed to manage your Macs
- If you install packages or App Store apps through Jamf School, and you want to report on them as part of the Jamf Setup Manager workflow be sure to add `Watchpaths` for the apps / content into the Jamf `Setup Manager Configuration Profile` before uploading to Jamf School
---
### Workflow
These chained amart group actions then perform the following flow
- Scope the Jamf Setup Manager Config profiles to all macOS devices enrolled with a given ADE profile
- Once the Profile is reported as installed by Jamf School, it will then install the Jamf Setup Manager pkg (since we 100% know the config profile is on the device before the pkg, we know itll be configured in the correct manner) and the *“Jamf Setup Manager Installed”* profile
- Only when the device reports back that it has *“Jamf Setup Manager Installed”* profile will it move into the next smart group where it will receive the `commands` to install further apps / packages and the rest of the configuration profiles.
With this flow we are controlling, the best we can, that the first thing the device does is install Jamf Setup Manager and the required config. This is rather than having Jamf Setup Manager queued further down a list of apps that are installing.
> You can view the device activity log in the Jamf School console to ensure that the InstallEnterpriseApp command for Setup Manager is received before other app commands, for testing and troubleshooting.
---
### Workflow Considerations and Warnings
The Jamf Setup Manager workflow for Jamf School has been designed to take advantage of profile installation reporting in smart groups and in part to tackle the fact that Jamf School does not have a concept of *“Pre-Stage Packages”*. As such the workflow relies on chaining together smart groups where membership of one group is dependent on an action of the previous step.
Example
> You can view the device activity log in the Jamf School console to ensure that the InstallEnterpriseApp command for Setup Manager is received before other app commands, for testing and troubleshooting.
>
If an admin to accidentally unscoped the *“Jamf Setup Manager Installed”* profile from a device it would then fall out of scope of the *“macOS Management & Apps”* group, as its membership criteria requires the *“Jamf Setup Manager Installed”* profile to be installed on the device.
> Since the *“macOS Management & Apps”* group is where all of the management and App Store apps are scoped removal from this group means the device has the profiles and App Store apps removed, resulting in a device in an unexpected state.
Therefore it is essential that the device maintains this chained smart group flow throughout its deployment.
Should you need to `update`, `amend` or `edit` the `Jamf Setup Manager Configuration Profile` that controls Setup Manager, you will need to do this locally and then re-upload to Jamf School.
For best results we recommend the following workflow
- Navigate to the current profile in Jamf School in the `Profiles` -> `Configuration Profiles` menu
- Click the `pencil icon` to edit
- Click `replace profile`
- Drag local updated profile to the revealed box or click on the box to navigate to the profile
- Click `save`
Following this workflow keeps the name of the profile in Jamf School the same as the previous version and there is no need to edit / add a different or new profile the the scope in `Step 2` or change the criteria for the name of the installed profile in `Step 3`
Should you want to keep different versions of the Jamf Setup Manager Configuration Profile in Jamf School in order to switch between different Setup Manager actions please ensure that you update the profile in `Step 2` and `Step 3` to match the desired Jamf Setup Manager Configuration Profile prior to deploying devices. Failure to do this could result in the breaking of the smart group chain required for Jamf School resulting in devices in an unexpected state (ie not with the desired configurations and/or apps)

109
Docs/Webhooks.md Normal file
View File

@@ -0,0 +1,109 @@
# Webhooks
#### `webhooks`
(Dict, optional)
Setup Manager can send webhooks to inform other services of its status. The configuration for the webhooks in all stored under the top-level `webhooks` key.
The webhooks dict can contain two keys, both of which are again dicts. `started` defines the webhook or webhooks that are called when Setup Manager starts its workflow, and the other `finished` defines the webhook or webhooks when it finishes the workflow.
When the either the `started` or `finished` key is missing, no webhook will be sent for that event.
Example:
```xml
<key>webhooks</key>
<dict>
<key>finished</key>
<string>https://example.com/webhook-finish</string>
<key>started</key>
<string>https://example.com/webhook-start</string>
</dict>
```
### Multiple webhooks
You can send multiple services per event:
```xml
<key>webhooks</key>
<dict>
<key>finished</key>
<array>
<string>https://example.com/webhook-finish</string>
<string>https://otherservice.com/abc123456</string>
</array>
<key>started</key>
<array>
<string>https://example.com/webhook-start</string>
<string>https://otherservice.com/abc123456</string>
</array>
</dict>
```
### WebHook Data
For the `started` webhook, Setup Manager attaches this data:
```json
{
"name": "Started", // string
"timestamp": "2025-01-14T15:11:28Z", // time setup manager started, date as string, iso8601
"started": "2025-01-14T15:11:27Z", // time webhook was sent, date as string, iso8601
"modelName": "MacBook Air", // string
"modelIdentifier": "Mac14,2", // string
"macOSBuild": "24C101", // string
"macOSVersion": "15.2.0", // string
"serialNumber": "ABCD1234DE", // string
"setupManagerVersion": "1.2" // string
"jamfProVersion": "11.13.0" // optional, only for Jamf Pro, string
"jssID": 1234 // optional, only when `jssID` is set in profile, string
}
```
The data for the `finished` webhook includes the same as above, with some additional fields:
```json
{
"name": "Finished", // string
"duration": 53, // integer
"finished": "2025-01-14T15:12:20Z", // time Setup Manager finished, date as string, iso8601
"computerName": "Mac-123456" // computer name, only when set through Setup Manager
"userEntry": { // data entered by the user
"department": "IT",
"computerName": "IT-ABC123",
"userID": "a.b@example.,com",
"assetTag": "abc54321"
},
"enrollmentActions": [ // array of enrollmentActions with status
{
"label": "Microsoft 365",
"status": "finished" // status: "finished" or "failed"
},
{
"label": "Google Chrome",
"status": "finished"
},
{
"label": "Jamf Connect",
"status": "finished"
},
],
}
```
### Microsoft Teams
When you set up [an incoming webhook workflow with Microsoft Teams](https://support.microsoft.com/en-us/office/create-incoming-webhooks-with-workflows-for-microsoft-teams-8ae491c7-0394-4861-ba59-055e33f75498) the json payload is expected in a certain format. Use this webhook format in the Setup Manager profile:
```xml
<dict>
<key>kind</key>
<string>teams</string>
<key>url</key>
<string>--insert url from Teams Workflows here--</string>
</dict>
```
This `dict` replaces the simple `string` syntax.

6
Examples/sample-com.jamf.setupmanager.plist
View File

@@ -22,6 +22,8 @@
<string>Establecer zona horaria</string>
<key>fr</key>
<string>Définir le fuseau horaire</string>
<key>he</key>
<string>הגדרות אזור זמן</string>
<key>it</key>
<string>Imposta il fuso orario</string>
<key>nl</key>
@@ -83,6 +85,8 @@
<string>Por favor espere mientras Setup Manager configura tu nuevo Mac.</string>
<key>fr</key>
<string>Veuillez être patient pendant que Setup Manager configure votre nouveau Mac.</string>
<key>he</key>
<string>אנא התאזר בסבלנות בזמן ש-Setup Manager מגדיר את ה-Mac החדש שלך</string>
<key>it</key>
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>nl</key>
@@ -98,6 +102,8 @@
<string>¡Bienvenido!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>he</key>
<string>ברוכים הבאים!</string>
<key>it</key>
<string>Benvenuto!</string>
<key>nl</key>

156
Examples/sample-waitForUserEntry.plist Normal file
View File

@@ -0,0 +1,156 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>enrollmentActions</key>
<array>
<dict>
<key>arguments</key>
<array>
<string>-setTimeZone</string>
<string>Europe/Amsterdam</string>
</array>
<key>icon</key>
<string>symbol:clock</string>
<key>label</key>
<dict>
<key>de</key>
<string>Zeitzone setzen</string>
<key>en</key>
<string>Set Time Zone</string>
<key>es</key>
<string>Establecer zona horaria</string>
<key>fr</key>
<string>Définir le fuseau horaire</string>
<key>it</key>
<string>Imposta il fuso orario</string>
<key>nl</key>
<string>Tijdzone instellen</string>
</dict>
<key>requiresRoot</key>
<true/>
<key>shell</key>
<string>/usr/sbin/systemsetup</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_bb4e9c7d19adf8360ff28d666b01e66c35ae3e8d190660ac496d5a8abf4276a8</string>
<key>label</key>
<string>Microsoft 365</string>
<key>policy</key>
<string>install_microsoft365</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_87d2224fa990a47de96f63fb2f84aa3b7304c20a3ff29412f5a7a484745fd2c9</string>
<key>label</key>
<string>Google Chrome</string>
<key>policy</key>
<string>install_chrome</string>
</dict>
<dict>
<key>icon</key>
<string>https://ics.services.jamfcloud.com/icon/hash_d72c39716b456bb647a1cfe01942656bd25dfcdd0faaa147dcce337589b75a8a</string>
<key>label</key>
<string>BBEdit</string>
<key>policy</key>
<string>install_bbedit</string>
</dict>
<dict>
<key>icon</key>
<string>symbol:app.badge</string>
<key>label</key>
<string>Jamf Protect</string>
<key>timeout</key>
<integer>600</integer>
<key>watchPath</key>
<string>/Applications/JamfProtect.app</string>
</dict>
<dict>
<key>label</key>
<dict>
<key>de</key>
<string>Eingaben übermitteln</string>
<key>en</key>
<string>Submit User Entry</string>
<key>fr</key>
<string>Soumettre les entrées</string>
<key>nl</key>
<string>Voer invoer in</string>
</dict>
<key>waitForUserEntry</key>
<string></string>
</dict>
<dict>
<key>icon</key>
<string>symbol:plus.app</string>
<key>label</key>
<dict>
<key>de</key>
<string>Extra Apps für %department%</string>
<key>en</key>
<string>Extra Apps for %department%</string>
<key>fr</key>
<string>Extra Apps pour %department%</string>
<key>nl</key>
<string>Extra Apps voor %department%</string>
</dict>
<key>policy</key>
<string>install_extra_apps</string>
</dict>
</array>
<key>finalCountdown</key>
<integer>30</integer>
<key>icon</key>
<string>name:AppIcon</string>
<key>jssID</key>
<string>$JSSID</string>
<key>message</key>
<dict>
<key>de</key>
<string>Bitte etwas Geduld während Setup Manager deinen neuen Mac konfiguriert.</string>
<key>en</key>
<string>Please be patient while Setup Manager configures your new Mac.</string>
<key>es</key>
<string>Por favor espere mientras Setup Manager configura tu nuevo Mac.</string>
<key>fr</key>
<string>Veuillez être patient pendant que Setup Manager configure votre nouveau Mac.</string>
<key>he</key>
<string>אנא התאזר בסבלנות בזמן ש-Setup Manager מגדיר את ה-Mac החדש שלך</string>
<key>it</key>
<string>Sii paziente mentre Setup Manager configura il tuo nuovo Mac.</string>
<key>nl</key>
<string>Even geduld terwijl Setup Manager je nieuwe Mac configureert.</string>
</dict>
<key>title</key>
<dict>
<key>de</key>
<string>Willkommen!</string>
<key>en</key>
<string>Welcome!</string>
<key>es</key>
<string>¡Bienvenido!</string>
<key>fr</key>
<string>Bienvenu!</string>
<key>he</key>
<string>ברוכים הבאים!</string>
<key>it</key>
<string>Benvenuto!</string>
<key>nl</key>
<string>Welcom!</string>
</dict>
<key>userEntry</key>
<dict>
<key>department</key>
<dict>
<key>options</key>
<array>
<string>Sales</string>
<string>Development</string>
<string>IT</string>
<string>Marketing</string>
</array>
</dict>
</dict>
</dict>
</plist>

2
Examples/uninstall.sh
View File

@@ -37,7 +37,9 @@ fi
echo "removing files"
rm -rfv "$appPath"
rm -v /Library/LaunchDaemons/"$bundleID".plist
rm -v /Library/LaunchAgents/"$bundleID".loginwindow.plist
echo "forgetting $bundleID pkg receipt"
pkgutil --forget "$bundleID"
# rm -v /private/var/db/.JamfSetupEnrollmentDone

25
README.md
View File

@@ -6,12 +6,12 @@ _"Every Assistant has a Manager"_
![Setup Manager Logo](https://img.shields.io/badge/macOS-12%2B-success)
Updates are published in the '[Releases](https://github.com/jamf-concepts/setup-manager/releases)' section of the repo. There you can also [download the latest pkg installer](https://github.com/jamf-concepts/setup-manager/releases/latest). You can subscribe to notifications for the repo using the 'Watch' button above.
Please report issues, feature requests [as an issue.](https://github.com/jamf-concepts/setup-manager/issues)
We have opened the [discussions](https://github.com/jamf-concepts/setup-manager/discussions) area for questions and more generic feedback.
Updates will be published in the '[Releases](https://github.com/jamf-concepts/setup-manager/releases)' section of the repo. There you can also [download the latest pkg installer](https://github.com/jamf-concepts/setup-manager/releases/latest). You can subscribe to notifications for the repo using the 'Watch' button above.
There is also a [`#jamf-setup-manager`](https://macadmins.slack.com/archives/C078DDLKRDW) channel on the [MacAdmins Slack](https://macadmins.org).
![setup manager progress dialog](Images/setup-manager-progress-screenshot.png)
@@ -20,7 +20,7 @@ There is also a [`#jamf-setup-manager`](https://macadmins.slack.com/archives/C07
There are many enrollment progress tools available for Mac admins, each with their own strengths. Jamf Setup Manager approaches the problem from the perspective of an IT service provider.
Setup Manager offers many of the same features of these utilities but is especially useful for the case where an IT department or provisioning depot wants to ensure that a new Mac is properly configured and assigned before sending the device to its new user. It runs over Setup Assistant before a user is created so it won't interfere with MDM-capable user or the secure token flow for FileVault. You can control which policies and installations Setup Manager runs with a configuration profile.
Setup Manager offers many of the same features of these utilities but is especially useful for the case where an IT department or provisioning depot wants to ensure that a new Mac is properly configured and assigned before sending the device to its new user. It runs over Setup Assistant before a user is created, so it won't interfere with MDM-capable user or the secure token flow for FileVault. You can control which policies and installations Setup Manager runs with a configuration profile.
Setup Manager provides:
@@ -30,7 +30,7 @@ Setup Manager provides:
- zero-touch (user-driven)
- single-touch (tech-driven)
- user initiated enrollment
- handsfree deployment with auto advance
- handsfree deployment with AutoAdvance (beta)
- customized branding
- localized interface and custom text
- support for Jamf Pro and Jamf School
@@ -42,15 +42,18 @@ Setup Manager provides:
- zero-touch and user-initiated deployments (forthcoming)
- [extra installations based on user data entry](Docs/JamfPro-TwoPhase.md)
- [Single-touch workflow with user re-assignment using Jamf Connect](Docs/JamfProConnect-SingleTouch.md)
- handsfree deployment with auto advance and Setup Manager at login window (forthcoming)
- [handsfree deployment with AutoAdvance and Setup Manager at login window (beta)](Docs/JamfPro-LoginWindow.md)
- [Jamf School](Docs/JamfSchool-Setup.md)
- [Extras and Notes](Extras.md)
- [Frequently Asked Questions](FAQ.md)
- [Extras and Notes](Docs/Extras.md)
- [Frequently Asked Questions](Docs/FAQ.md)
- [Webhooks](Docs/Webhooks.md)
## Configuration Profile
The structure of the configuration profile [is documented here](ConfigurationProfile.md).
There is also a [custom schema for Jamf Pro](Docs/Extras.md#custom-json-schema-for-jamf-pro).
## Requirements
Setup Manager requires macOS 12.0.0 or higher. It will work only with Jamf Pro or Jamf School.
@@ -58,11 +61,9 @@ Setup Manager requires macOS 12.0.0 or higher. It will work only with Jamf Pro o
## Known Issues
- Setup Manager will **_not_** launch at enrollment with Auto-Advance enabled, use the option to run at login window
- Setup Manager may **_not_** launch or launch and quit quickly when you disable _all_ Setup Assistant screens, leave at least one Setup Assistant option enabled
- When you install **_Jamf Connect_** during the Prestage together with Setup Manager, you may see Setup Assistant for some time before Setup Manager launches or Setup Manager may not launch at all. Remove Jamf Connect from the Prestage and install it with Setup Manager policy or installomator action.
- Policies that are triggered by `enrollmentComplete` may disrupt Setup Manager running from Prestage/Automated Device Enrollment. Disable or unscope policies triggered by `enrollmentComplete` on devices using Setup Manager.
- In some deployments, Setup Manager attempts to start while Jamf Pro is still installing. Try adding a 30-60 second `wait` action as the first action. We are working on a solution.
- With Jamf School, there will a few seconds after the remote management dialog where Setup Assistant shows before Setup Manager launches. With the Jamf School enrollment architecture, this is unavoidable.
- Setup Manager may **_not_** launch or launch and quit quickly when you disable _all_ Setup Assistant screens, leave at least one Setup Assistant option enabled, or use the option to run at login window
- Policies that are triggered by `enrollmentComplete` may delay or even disrupt Setup Manager running from Prestage/Automated Device Enrollment. Disable or unscope policies triggered by `enrollmentComplete` on devices using Setup Manager.
- In some deployments, Setup Manager attempts to start while Jamf Pro is still installing. Try adding a 30-60 second `wait` action as the first action.
---