24 Apr Readying Apple Server’s Profile Manager for Ivanti Endpoint Manager
To create or edit configuration profiles beyond the out-of-the-box compliance or connectivity settings, the Exchange settings or a subset of Security settings inside Ivanti’s Management Suite, you’ll need to install Apple’s Server app and configure Profile Manager.
When installed and configured, you will be able to build any type of profile supported by Apple – which has significantly more options than what comes out-of-the-box with Ivanti.
Now, to be clear, your iOS and macOS clients will not need access to this macOS Server, so feel free to install this on a virtual machine if need be. Ivanti’s Management Suite will still be doing all of hte heavy lifting here. You’ll only be using the Server when you build a profile. Once the profile is built and you’ve copied the .mobileconfig file to a file share, you can shut it down.
Also, because I know everyone is busy, it’s helpful for you to know that installing Profile Manager will consume less than 30 minutes of your time. Just follow these installation and configuration steps and you’ll be ready to create new profiles within the hour.
Part 1 – Install Server for macOS
- On the desired Mac that’ll act as your macOS Server, purchase and install the Server app from the Mac App Store.
- Launch the Server app.
- Click the Continue button on the Server setup panel.
- Agree to the Software License Agreement and provide credentials for an admin account.
- Close the server tutorials if it pops.
Part 2 – Configure Profile Manager within the Server App
- Click on Profile Manger from the Services menu tree.
- Press the On button at the top right to enable the service.
- Agree to changing how your password is stored.
- Click on the Configure button next to Device Management.
- Click Next on the Configure Device Management panel.
- Click Next on the Configure Network Users and Groups.
- Provide a Directory Admin password (Profile Manager is configuring Open Directory at this point) and click Next.
- Provide an Organization Name and Admin Email Password and click Next.
- Confirm your settings and click the Set Up button.
- Provide additional Organization Information and click Next.
- Provide an Apple ID and Password to generate an APNS certificate (this wont’ be used by Ivanti).
- Click Finish.
Part 3 – Bind Your macOS Server to Your Domain (Optional)
In order to push profiles to Active Directory groups, rather than to just devices, you need to bind the Mac to Active Directory.
Groups View Without Active Directory Binding
Groups View With Active Directory Binding
- Go to Spotlight and search for the Directory Utility application
- Or browse to it and launch it from System > Library > CoreServices > Applications
- Unlock the Directory Utility panel by clicking on the lock at the bottom left.
- Provide an admin username and password.
- Double-click on the Active Directory menu item.
- Enter your Active Directory name in the Active Directory Domain box.
- Set the Computer ID if need be.
- Click the Bind…button.
- Provide valid Active Directory credentials to bind the machine.
- Click the drop down arrow.
- Set any applicable options such as mobile account at login or administration accounts.
- Click OK when finished.
You now have Server for macOS up and running with Profile Manager ready to create any number of profile configurations. To access it, and begin the discovery process of just what can be done, open a web browser and enter the URL https://profileManagerServerName/profilemanager/.