Managed App Configuration Reference for In-House Apps Developed with the Jamf Certificate SDK

Managed app configuration is a set of key-value pairs used to configure iOS applications. You can use managed app configuration to configure and customize Jamf-managed apps for your organization.

The following table explains the key-value pairs that Jamf Pro requires in the Managed App Configuration for in-house apps developed with the Jamf Certificate SDK. All key-value pairs that Jamf Pro requires are represented as a string. The values you must enter in the strings are specific to your organization.

Key-Value PairDescription
<key>com.jamf.config.jamfpro.invitation</key>
<string>$MOBILEDEVICEAPPINVITE</string>

Jamf Pro Invitation

The Jamf Pro Invitation is a unique string that is generated by Jamf Pro. The Jamf Pro Invitation ensures that the MDM server the device is managed by matches the server specified in the com.jamf.config.jamfpro.url key-value pair. The value entered for the string must be $MOBILEDEVICEAPPINVITE.

<key>com.jamf.config.device.udid</key>
<string>$UDID</string>

Device UDID

The device UDID is the UDID of the device the in-house app is installed on. The value entered for the string must be $UDID.

<key>com.jamf.config.jamfpro.url</key>
<string>https://jamf_pro_server_url/</string>

Jamf Pro URL

The Jamf Pro URL is the Jamf Pro server instance in which mobile devices are enrolled. Your full Jamf Pro URL must be entered in the string. This includes the correct protocol, fully qualified domain name (FQDN), and port of the server.
<key>com.jamf.config.certificate-request.pkiId</key>
<string>PKI_ID</string>

Certificate Request PKI ID

The certificate request PKI ID is the ID of an Active Directory Certificate Service (AD CS) instance in Jamf Pro. It is used during certificate generation and is specific to your organization.

<key>com.jamf.config.certificate-request.template</key>
<string>certificate_template_name</string>

Certificate Request Template Name

The certificate request template name is the name of the certificate template, usually Machine or User. It is used during certificate generation and is specific to your organization.

<key>com.jamf.config.certificate-request.subject</key>
<string>cn=$SERIALNUMBER</string>

Certificate Request Subject

The certificate request subject is the certificate subject that is the representation of a X.500 name (e.g., O=CompanyName, CN=FOO). It is used during certificate generation and is specific to your organization.

Note:

This value can be dynamically supplied by Jamf Pro using variables . For more information about variables in Jamf Pro, see Payload Variables for Mobile Device Configuration Profiles in the Jamf Pro Documentation.

<key>com.jamf.config.certificate-request.sanType</key>
<string>subject_alternative_name_type</string>

Certificate Request Subject Alternative Name Type

The certificate request subject alternative name type is the type of a subject alternative name. It is used during certificate generation and is specific to your organization.

<key>com.jamf.config.certificate-request.sanValue</key>
<string>subject_alternative_name_value</string>

Certificate Request Subject Alternative Name Value

The certificate request subject alternative name value is the value of the subject alternative name. It is used during certificate generation and is specific to your organization.

Note:

This value can be dynamically supplied by Jamf Pro using variables . For more information about variables in Jamf Pro, see Payload Variables for Mobile Device Configuration Profiles in the Jamf Pro Documentation.

<key>com.jamf.config.certificate-request.signature</key>
<string>$JAMF_SIGNATURE_com.jamf.config.certificate-request</string>

Certificate Request Signature

Jamf Pro replaces this value with a cryptographic signature of the values related to the certificate request. This signature is verified by the SDK before issuing a certificate to verify that values have not been tampered with. The value entered for the string must be $JAMF_SIGNATURE_com.jamf.config.certificate-request.