Distributing an In-House App Developed with the Jamf Certificate SDK

If your environment uses in-house apps that have been developed with the Jamf Certificate SDK, you can use Jamf Pro to distribute the app to establish identities to support certificate-based authentication. This can enable single sign-on (SSO) or other actions specific to your environment. Jamf Pro allows you to apply a Managed App Configuration to the app during distribution to enable the app to request the necessary certificates.

Note:

In-house apps developed with the Jamf Certificate SDK have only been tested with Active Directory Certificate Services (AD CS) as the certificate authority (CA).

For more information about Managed App Configuration, see the following resources:

Requirements

The in-house app you want to distribute must be developed with the Jamf Certificate SDK.

For more information about the requirements for distributing in-house apps, see In-House Apps in the Jamf Pro Documentation.

  1. In Jamf Pro, click Devices at the top of the sidebar.
  2. Click Mobile Device Apps in the sidebar.
  3. Click New .
  4. Select In-house app and click Next.
  5. Use the General pane to configure settings for the app, including the distribution method and hosting location.

    If you choose Distribution Points or jamfsoftware database from the Hosting Location pop-up menu, make sure to upload the archived app file.

  6. Ensure the Make App Managed when possible checkbox is selected.
  7. Click the Scope tab and configure the scope of the app.
  8. (Optional) (iOS only) Click theSelf Service tab and configure the way the app is displayed in Self Service.

    You can customize the text displayed in the description for the app in Self Service by using Markdown in the Description field. For information about Markdown, see the Using Markdown to Format Text article.

    Note: The Self Service tab only displays if Make Available in Self Service is chosen in the Distribution Method pop-up menu.
  9. Click the App Configuration tab and enter your managed app configuration in the Preferences field, similar to the following:
    <dict>
<key>com.jamf.config.jamfpro.invitation</key>
<string>$MOBILEDEVICEAPPINVITE</string>
<key>com.jamf.config.device.udid</key>
<string>$UDID</string>
<key>com.jamf.config.jamfpro.url</key>
<string>https://jamf_pro_server_url/</string>
<key>com.jamf.config.certificate-request.pkiId</key>
<string>PKI_ID</string>
<key>com.jamf.config.certificate-request.template</key>
<string>certificate_template_name</string>
<key>com.jamf.config.certificate-request.subject</key>
<string>certificate_subject</string>
<key>com.jamf.config.certificate-request.sanType</key>
<string>subject_alternative_name_type</string>
<key>com.jamf.config.certificate-request.sanValue</key>
<string>subject_alternative_name_value</string>
<key>com.jamf.config.certificate-request.signature</key>
<string>$JAMF_SIGNATURE_com.jamf.config.certificate-request</string>
</dict>
    Note:

    You can add your own key-value pairs to the Managed App Configuration to best fit your environment. The key-value pairs that Jamf Pro requires are prefixed with com.jamf.config. For more information about the values you need to enter in the key-value pairs for the Managed App Configuration, see the Managed App Configuration Reference for In-House Apps Developed with the Jamf Certificate SDK.

  10. Click Save .
The app is distributed the next time mobile devices in the scope contact Jamf Pro. If users were added as targets to the scope, the app is distributed to the devices those users are assigned the next time the devices contact Jamf Pro.