fleet/docs/Contributing/product-groups/mdm/custom-configuration-web-url.md
Rachael Shaw 25191f3054
Preview of v4.77.0 doc changes (#35924)
This PR will remain in draft as a preview of upcoming documentation
changes for 4.77.0

---------

Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Co-authored-by: Victor Lyuboslavsky <2685025+getvictor@users.noreply.github.com>
Co-authored-by: Ian Littman <iansltx@gmail.com>
Co-authored-by: Noah Talerman <noahtal@umich.edu>
Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>
Co-authored-by: Magnus Jensen <magnus@fleetdm.com>
Co-authored-by: Jordan Montgomery <elijah.jordan.montgomery@gmail.com>
Co-authored-by: Janis Watts <184028114+jmwatts@users.noreply.github.com>
Co-authored-by: Allen Houchins <32207388+allenhouchins@users.noreply.github.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
Co-authored-by: Scott Gress <scottmgress@gmail.com>
Co-authored-by: Carlo <1778532+cdcme@users.noreply.github.com>
2025-12-02 17:24:15 -06:00

Custom configuration web URL

In Fleet, you can require end users to authenticate with your identity provider (IdP) before they can use their new Mac.

Some customers require end users to authenticate with a custom web application instead of an IdP.

How to require end users to authenticate with a custom web application:

  1. Use Fleet's team YAML to create a "Workstations" team.

  2. Create an automatic enrollment (DEP) profile with configuration_web_url set to the URL of the custom web application and await_device_configured set to true.

  3. In the "Workstations" team YAML, set the macos_setup_assistant option to the DEP profile.

  4. In the Fleet UI, go to Settings > Integrations > Automatic enrollment > Apple Business Manager and set the Team to "Workstations".

  5. Update the custom web application to send a manual enrollment profile, with the end user's email, to a Mac after the end user enters valid credentials. Here's an example snippet of an enrollment profile:

<dict>
	<key>EndUserEmail</key>
	<string>user@example.com</string>
</dict>

You can use Fleet's API to get the manual enrollment profile.

  6. Update the custom web application to wait until the fleetd agent is installed on the new Mac and then do the following steps.

  7. Make a request to the GET /hosts API endpoint with the end user's email as a query parameter to get the Mac's hardware UUID. Example API request: GET /hosts?query=user@example.com.

  8. Make a request to Fleet's MDM command API to pre-fill the end user's local macOS account via the AccountConfiguration MDM command.

  9. Make a request to Fleet's MDM command API to send the Release Device from Await Configuration MDM command to allow the device through to the next step in the setup.
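
An added example (not Fleet's code and not part of the original document) of the host lookup and the two MDM commands the custom web application sends once fleetd is installed. The `/api/v1/fleet/...` paths, the `command` and `host_uuids` body fields, the AccountConfiguration keys, the sample response, and all function names are assumptions not stated on this page; `DeviceConfigured` is Apple's request type for Release Device from Await Configuration.

```python
import base64, json, plistlib, uuid
from urllib.parse import urlencode

# Assumed Fleet REST API paths (not stated on this page).
HOSTS_PATH = "/api/v1/fleet/hosts"
RUN_COMMAND_PATH = "/api/v1/fleet/commands/run"

def hosts_query_path(email):
    """Host lookup path; urlencode stops '+', '&' or '=' in the email from altering the query."""
    return f"{HOSTS_PATH}?{urlencode({'query': email})}"

def pick_host_uuid(hosts_response):
    """Return the hardware UUID only when the search matched exactly one host."""
    hosts = hosts_response.get("hosts", [])
    if len(hosts) != 1:
        raise LookupError(f"expected exactly 1 host, got {len(hosts)}")
    return hosts[0]["uuid"]

def mdm_command(request_type, **params):
    """Serialize an Apple MDM command plist; plistlib escapes user-derived strings."""
    body = {"Command": {"RequestType": request_type, **params},
            "CommandUUID": str(uuid.uuid4())}
    return plistlib.dumps(body)

def run_command_body(command_plist, host_uuid):
    """JSON body for RUN_COMMAND_PATH: base64-encoded command plus the target host."""
    return json.dumps({"command": base64.b64encode(command_plist).decode(),
                       "host_uuids": [host_uuid]})

def release_sequence(full_name, user_name, hosts_response):
    """Ordered request bodies: pre-fill the account first, then release the device."""
    host_uuid = pick_host_uuid(hosts_response)
    account = mdm_command("AccountConfiguration",
                          PrimaryAccountFullName=full_name,
                          PrimaryAccountUserName=user_name,
                          LockPrimaryAccountInfo=True)
    release = mdm_command("DeviceConfigured")
    return [run_command_body(c, host_uuid) for c in (account, release)]

# Constructed sample response, trimmed to the one field used here.
SAMPLE_HOSTS = {"hosts": [{"uuid": "11111111-2222-3333-4444-555555555555"}]}

if __name__ == "__main__":
    print(hosts_query_path("user@example.com"))
    for body in release_sequence("Example User", "user", SAMPLE_HOSTS):
        print(body)
```

The functions only build the requests; sending them with an API token is left to the web application's HTTP client.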