Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 08:58:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 114

Add apple mdm overview diagram (#22840)

Browse source
This commit is contained in:
Dante Catalfamo 2024-10-15 14:27:41 -04:00 committed by GitHub
parent f2fedb0187
commit aea5c90f9a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 47 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
tools/mdm/apple/glossary-and-protocols.md
View file

@ -1,3 +1,50 @@
## Overview
```mermaid
sequenceDiagram
participant apns as APNS
participant mac as Mac
participant server as fleet server
note over server: Server sends automatic enrollment<br/>endpoint details to ABM as part of a<br/>ADE/DEP configuration cron job
alt Automatic Authenticated Enrollment
mac->>server: GET /api/v1/fleet/sso<br/>(endpoint configured using ADE)<br/>Opens authetication webpage in a webview
server->>mac: Enrollment Profile (specific response headers)
else Automatic Enrollment
mac->>server: GET /api/mdm/apple/enroll<br/>(endpoint configured using ADE)
server->>mac: Enrollment profile
else Manual Enrollment
note over mac,server: User downloads a profile<br/>containing the OTA endpoint
mac->>server: POST /api/latest/fleet/ota_enrollment
mac->server: Throw-away SCEP flow
server->>mac: Enrollment profile
end
mac->>server: GET /mdm/apple/scep?operation=GetCACaps<br/>SCEP Catability Check
server->>mac: List of SCEP catabilities
mac->>server: POST /mdm/apple/scep?operation=PKIOperation<br/>Certificate Signing Request
server->>mac: Signed Certificate
mac->>server: POST /mdm/apple/mdm<br/>MessageType: Authenticate<br/>Push notification token
server->>mac: 200 OK
mac->>server: POST /mdm/apple/mdm<br/>MessageType: Bootstrap Token<br/>Used to help grant Secure Tokens<br/>and erase the device
server->>mac: 200 OK
mac->>server: POST /mdm/apple/mdm<br/>MessageType: TokenUpdate
server->>mac: 200 OK
loop MDM mTLS
server->>apns: MDM Push Notification
apns->>mac: Push Notification
mac->>server: PUT /mdm/apple/mdm<br/>Status: Idle
server->>mac: Command
mac->>server: PUT /mdm/apple/mdm<br/>Acknowledged
server-->>mac: More commands...
end
```
## Glossary
### SCEP: Simple Certificate Enrollment Protocol