- 26 Aug 2024
- 7 読む分
- 印刷する
- PDF
Installing Enterprise Apps (PKG files) to macOS devices
- 更新日 26 Aug 2024
- 7 読む分
- 印刷する
- PDF
Deploying, Installing and updating enterprise applications is an important management activity for IT Teams across organizations. For macOS devices, IT Admins have the choice of remotely deploying applications available in the Apple store using Apple VPP, but there might be a need to distribute an Enterprise (in-house) app or Enterprise installer of a third-party app like Zoom or Firefox.
Scalefusion facilitates the distribution of Enterprise Apps via its Enterprise Store functionality and allows for the distribution of Signed PKG files.
PKG files are compressed installer files generated & signed by the app developers using the productbuild command or a third-party packaging tool. These are the standard formats for Enterprise installation, and Apple MDM protocol provides inherent support for these formats, making them a preferred choice of distribution for Scalefusion as well.
This document helps you to understand the steps involved in distributing PKG files. If you are looking to deploy Apple VPP apps, then please refer to this guide, and if you are trying to repackage a DMG, then please refer to this guide.
Prerequisites
- Scalefusion-managed macOS device.
- A master/additional macOS device to extract App Info (One time step).
- Suitable Scalefusion Plan that supports Enterprise Store. To know more about this, please visit here.
- Signed PKG File.
- Unsigned PKG files cannot be distributed via Scalefusion. Please refer to our guide on Signing PKG files to sign the pkg file.
- The PKG file should contain a DistributionInfo file and PackageInfo file for it to be parsed and distributed via Scalefusion Dashboard.
Step 1: Obtaining Application Information
Not all macOS applications or package archives are built alike, and this causes some issues while distributing them via an MDM provider such as Scalefusion. Apart from the requirement to have a signed package file, Scalefusion also needs the application information like Bundle ID and Version to be able to report the installation status properly. Scalefusion parses the PKG file to extract this information, but due to the way they are packaged, sometimes the information is absent or at times, it does not match the actual information when the app is installed.
If you are the developer of the app or the app was developed in-house, then you can contact the developer for this information, but if you are trying to upload a third-party enterprise installer like Zoom or Firefox, then this information may not be handy, and hence we suggest the following steps before you actually upload and deploy the app. Follow the steps below to get the required information,
- Install the PKG file that you want to deploy/distribute on a master/additional Mac device. In this example, we will use Zoom, which has been downloaded and installed.
- Once installed, navigate to the Applications folder to get the name of the application. In this case, the name is zoom.us
- Now open a Terminalwindow and extract the following information,
- Bundle Id: Type in the following command to get the Bundle Id, replacing zoom.uswith your App Name.JavaScript
This would print out the following output, Copy the highlighted part (without the quotes), which will be used in Step 2mdls -name kMDItemCFBundleIdentifier /Applications/zoom.us.app
- Version Info: Type in the following command to get the Version Info, replacing zoom.us with your App Name.JavaScript
This would print out the following output, Copy the highlighted part (without the quotes), which will be used in Step 2mdls -name kMDItemVersion /Applications/zoom.us.app
- Bundle Id: Type in the following command to get the Bundle Id, replacing zoom.uswith your App Name.
Step 2: Uploading an Enterprise Application
Once you have the app information, the next steps are very easy, and if you are familiar with the Scalefusion Enterprise store for other platforms, then they are pretty much the same. Follow the steps below,
- Sign In to Scalefusion Dashboard and navigate to Enterprise > My Apps > Enterprise Store. Click on Upload New App > Upload macOS App
- In the Upload wizard, you can upload a local file from your computer or provide a link to an external downloadable PKG file hosted in Amazon S3 or some other cloud storage. Click Next once done, which would upload and parse the file for its validity.
- If the PKG file being uploaded is signed, then you will see the following screen asking you to confirm the App Details. You can change or provide the app details that we obtained in Step 1 and click SAVE.
- Make sure to update the App Name, Bundle ID, and App Version, If they are not correct, then the Installation will succeed, but the installed status will not be updated on the Scalefusion Dashboard.
- The logo is an optional item and for your reference on the Dashboard only. It has NO IMPACT on installation.
Step 3: Publishing the App & Viewing Status
- Once the app is uploaded, it will appear in the list of applications, and clicking on it will allow you to Publish or Uninstall the app.
- Click on PUBLISH to select the target Device Profiles, and click PUBLISHagain.
- Publish/Override this version on Devices with direct mappings: In the Publish dialog, this flag will be visible when the setting Enable Applications to be published to Devices in a Group or profile is toggled on from Utilities > Global Settings > General Settings. If enabled, all direct mappings of this App from devices selected in Devices tab (older versions or newer versions), are removed and the currently mapped version is being pushed to the devices.
- Once the application has been published, you can click on View Status on the information panel to get the status of app installations. Note that this would not give you an accurate account if the App Bundle ID and Version information were not updated.
Uninstalling a macOS Application
macOS MDM protocol does not support remote uninstallation of applications. Hence Scalefusion offers the capability to Unpublish, which would make sure that the app is no longer associated with the Device Profiles and will not be made available to new devices.
To Unpublish an application, click UNPUBLISH on the information panel, select the target device profiles from where you want this app to be uninstalled and click UNPUBLISH.
Stop the Rollout of an Enterprise Application
Sometimes you may want to stop the rollout of Enterprise applications that have been published to groups or profiles, for example, if a wrong version is being pushed. You can stop the rollout of such apps, which only unpublishes the app from selected Groups or Profiles.
To stop the rollout,
- Select the Enterprise app and click on Stop Rollout in the right side panel.
- This opens the following dialog box. Choose the Group or Profile on which you want to stop the app's rollout. Only the entities where the app has been published will be displayed here.
- After selecting, click on the button Stop rollout
- When executed,
- The application will be unpublished, and it will not be installed on devices where it is not installed yet.
- The Stop rollout button will no longer be visible in the right-side panel
Important Points on Stop Rollout's Execution
- You cannot stop the rollout of an app that is already installed on the device.
- On devices where downloading of the app has not started, the app will not be installed.
- On devices newly enrolled or moved to a device profile, the app will not be installed after the stop rollout.
- On such apps, View Status shows the App Status as Rollout Stopped.
Frequently Asked Questions
Question: We see that the application is installed on the devices, but on the Dashboard, it does not get reported as installed.
Answer: To track installation status properly, Scalefusion would need the exact Bundle ID and Version information while the application is being uploaded. We would recommend you extract the relevant information using the steps in Step 1 before uploading the app and then editing/adding the App information post uploading the PKG file.
Question: We get an error that Please make sure that the PKG file is signed, but we don't have a signed version of the PKG file.
Answer: If you are the developer of the application or you have an Apple developer account, then you can follow the steps here to sign the application.
Question: I have pushed the app for installation, but it is not installed on the Mac device. What is the reason?
Answer: Please ensure the following settings are done on the Mac Device Profile that was selected during app installation:
- Under Restrictions > Apps, the following settings should be unchecked
- Require admin password to install or update apps
- Restrict App Store to MDM-installed apps and software updates
- In Security & Privacy > General, make sure Mac App Store and Identified developers are chosen under Configure Gatekeeper settings