Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 117
fleet/tools/mdm/apple/toggle-mdm-dev.md
melpike 75982f44de
Rename Apple Business Manager in UI (#42584) 
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #42512

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
2026-04-08 11:14:19 -06:00

3 KiB
Raw Blame History

Using toggle-mdm-dev to enable and disable MDM (Mobile Device Management) / AB (Apple Business) for development

  1. Set up all of the necessary credentials for using MDM and AB as outlined in the MDM setup and testing docs. Take note of the path where you've stored these credentials.

  2. Make a fleet env file containing the following or similar logic, including the above path where specified:

  if [[ $USE_MDM == "1" ]]; then

  # MDM Feature Flag:

  MDM_PATH="{Replace this string, including braces, with the path to your credentials}"

  # Apple Push Certificates
  export FLEET_MDM_APPLE_SCEP_CHALLENGE=scepchallenge
  export FLEET_MDM_APPLE_SCEP_CERT=$MDM_PATH"fleet-mdm-apple-scep.crt"
  export FLEET_MDM_APPLE_SCEP_KEY=$MDM_PATH"fleet-mdm-apple-scep.key"

  # Apple Push Notification Service (APNS) credentials
  export FLEET_MDM_APPLE_APNS_CERT=$MDM_PATH"mdmcert.download.push.pem"
  export FLEET_MDM_APPLE_APNS_KEY=$MDM_PATH"mdmcert.download.push.key"

  # Apple Business (AB) credentials
  export FLEET_MDM_APPLE_BM_SERVER_TOKEN=$MDM_PATH"downloadtoken.p7m"
  export FLEET_MDM_APPLE_BM_CERT=$MDM_PATH"fleet-apple-mdm-bm-public-key.crt"
  export FLEET_MDM_APPLE_BM_KEY=$MDM_PATH"fleet-apple-mdm-bm-private.key"

  else

  unset FLEET_MDM_APPLE_SCEP_CHALLENGE
  unset FLEET_MDM_APPLE_SCEP_CERT
  unset FLEET_MDM_APPLE_SCEP_KEY
  unset FLEET_MDM_APPLE_BM_SERVER_TOKEN
  unset FLEET_MDM_APPLE_BM_CERT
  unset FLEET_MDM_APPLE_BM_KEY
  #below files are from the shared Fleet 1Password
  unset FLEET_MDM_APPLE_APNS_CERT
  unset FLEET_MDM_APPLE_APNS_KEY
  fi
  1. If you haven't already, add an environment variable called FLEET_ENV_PATH to your shell config file. Source it or open a new shell.
  2. Add the directory containing toggle-mdm-dev, likely this one, to your $PATH. If you did that by adding it to your shell config, source it or open a new shell.
  3. To toggle MDM and AB, execute source toggle-mdm-dev
  4. To enable MDM without AB set up, comment out the variables in your env file pointing to the various credentials (like below), then source toggle-mdm-dev twice, to toggle off then back on again, the MDM feature flag.
if [[ $USE_MDM == "1" ]]; then

# MDM_PATH="/Users/jacob/.envs/fleet_env/mdm/"

# # Apple Push Certificates
# export FLEET_MDM_APPLE_SCEP_CHALLENGE=scepchallenge
# export FLEET_MDM_APPLE_SCEP_CERT=$MDM_PATH"fleet-mdm-apple-scep.crt"
# export FLEET_MDM_APPLE_SCEP_KEY=$MDM_PATH"fleet-mdm-apple-scep.key"

# # APNS credentials from Fleet shared 1Password
# export FLEET_MDM_APPLE_APNS_CERT=$MDM_PATH"mdmcert.download.push.pem"
# export FLEET_MDM_APPLE_APNS_KEY=$MDM_PATH"mdmcert.download.push.key"

# # Apple Business
# export FLEET_MDM_APPLE_BM_SERVER_TOKEN=$MDM_PATH"downloadtoken.p7m"
# export FLEET_MDM_APPLE_BM_CERT=$MDM_PATH"fleet-apple-mdm-bm-public-key.crt"
# export FLEET_MDM_APPLE_BM_KEY=$MDM_PATH"fleet-apple-mdm-bm-private.key"