Distribute In-House Apps Developed with the Jamf Certificate SDK

If your environment uses in-house apps that have been developed with the Jamf Certificate SDK, you can use Jamf Pro to distribute the app to establish identities to support certificate-based authentication. This can enable Single Sign-On (SSO) or other actions specific to your environment. Jamf Pro allows you to apply a Managed App Configuration to the app during distribution to enable the app to request the necessary certificates.

Note: In-house apps developed with the Jamf Certificate SDK have only been tested with Active Directory Certificate Services (AD CS) as the certificate authority (CA).

For more information about Managed App Configuration, see the following websites:

Requirements

You must ensure that the in-house app you want to distribute has been developed with the Jamf Certificate SDK.

For more information about the requirements for distributing in-house apps, see In-House Apps in the Jamf Pro Administrator's Guide.

Distributing an In-House App Developed with the Jamf Certificate SDK

  1. Log in to Jamf Pro.

  2. Click Devices at the top of the page.

  3. Click Mobile Device Apps.

  4. Click New.

  5. Select In-house app and click Next.

  6. Use the General pane to configure settings for the app, including the distribution method and hosting location.
    If you choose "Distribution Points" or "jamfsoftware database" from the Hosting Location pop-up menu, be sure to upload the archived app file.
    Note: Beginning with iOS 10.3, you can require a mobile device to have a tethered network connection to download the app. A tethered network connection requires a computer with macOS 10.12.4 or later, and must be connected to the Internet via Ethernet and have Wi-Fi turned off. Portable computers must be plugged in to a power source because the tethered caching service prevents computers from going to sleep. Select the Require tethered network connection for app installation checkbox. This checkbox is only displayed if "Install Automatically/Prompt Users to Install" is chosen in the Distribution Method pop-up menu. App updates will not require tethering; this setting is for initial installations of an app only.

  7. Ensure the Make App Managed when possible checkbox is selected.

  8. Click the Scope tab and configure the scope of the app.
    For more information, see Scope in the Jamf Pro Administrator's Guide.

  9. (Optional, iOS only) Click the Self Service tab and configure the way the app is displayed in Self Service. You can customize the text displayed in the description for the app in Self Service by using Markdown in the Description field.
    For information about Markdown, see the following Knowledge Base article:
    Using Markdown to Format Text
    Note: The Self Service tab is only displayed if "Make Available in Self Service" is chosen in the Distribution Method pop-up menu.

  10. Click the App Configuration tab and enter something like the following Managed App Configuration in the Preferences field:

    <dict>

    <key>com.jamf.config.jamfpro.invitation</key>

    <string>$MOBILEDEVICEAPPINVITE</string>

    <key>com.jamf.config.device.udid</key>

    <string>$UDID</string>

    <key>com.jamf.config.jamfpro.url</key>

    <string>https://jamf_pro_server_url/</string>

    <key>com.jamf.config.certificate-request.pkiId</key>

    <string>PKI_ID</string>

    <key>com.jamf.config.certificate-request.template</key>

    <string>certificate_template_name</string>

    <key>com.jamf.config.certificate-request.subject</key>

    <string>certificate_subject</string>

    <key>com.jamf.config.certificate-request.sanType</key>

    <string>subject_alternative_name_type</string>

    <key>com.jamf.config.certificate-request.sanValue</key>

    <string>subject_alternative_name_value</string>

    <key>com.jamf.config.certificate-request.signature</key>

    <string>$JAMF_SIGNATURE_com.jamf.config.certificate-request</string>

    </dict>

    Note: You can add your own key-value pairs to the Managed App Configuration to best fit your environment. The key-value pairs that Jamf Pro requires are prefixed with com.jamf.config.
    For more information about the values you need to enter in the key-value pair for the Managed App Configuration, see the Managed App Configuration Reference for In-House Apps Developed with the Jamf Certificate SDK.

  11. Click Save.

The app is distributed the next time mobile devices in the scope contact Jamf Pro. If users were added as targets to the scope, the app is distributed to the devices those users are assigned to the next time the devices contact Jamf Pro.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2020 Jamf. All rights reserved.