Skip to main content

Leveraging Alectrona Patch with Jamf Setup Manager

ยท 8 min read
Sam Gibbs
Sam Gibbs
Apple Client Platform Engineer

Jamf Setup Manager is a modern enrollment progress tool that helps guide an end user through the initial setup and configuration experience of a new Mac prior to account creation and landing at the desktop.

This approach by Jamf Setup Manager allows organizations the flexibility of either a zero-touch or a white glove approach to a new Mac's initial configuration, and ensures all required software and configuration items are in place prior to any account creation or login. Alectrona Patch is a perfect compliment for Jamf Setup Manager, allowing required apps to install quickly with minimal configuration and IT overhead.

Demoโ€‹

An example enrollment of a new Mac, leveraging Jamf Setup Manager and installing required apps with Alectrona Patch is shown below.

Recapโ€‹

The above recording walks through a standard enrollment using Jamf Setup Manager with Alectrona Patch. Behind the scenes, configuration profiles for both Jamf Setup Manager and Alectrona Patch are installed during enrollment, along with the installer packages for both apps. As soon as Alectrona Patch is installed, it immediately begins to install apps defined as required to be installed in our supplied configuration profile. Jamf Setup Manager has been configured to simply watch and wait for those apps to be installed. This approach allows for an extremely quick and efficient workflow to get required apps installed, and tying in an SSO authentication requirement also locks in the account details for the end user completing the enrollment.

Once we arrive at the desktop, we can confirm all required apps are installed, our customized dock has been set, the computer has been renamed, and FileVault (along with all other security controls) has been enabled.

This workflow could easily be adjusted and enhanced to leverage additional policies or scripts to execute during Jamf Setup Manager or once arriving at the desktop. In addition, leveraging tools like Jamf Connect or Platform Single-Sign On can further elevate the account creation process.

Configurationโ€‹

Requirementsโ€‹

From a high level, the below items are required for a fully working integration of Jamf Setup Manager and Alectrona Patch:

Configuring Alectrona Patchโ€‹

We recommend following our documentation to configure Alectrona Patch to Deploy with Jamf Pro. In your configuration for Alectrona Patch, you can leverage the InstallorUpdate functionality in Alectrona Patch to ensure your organization's required apps are not only installed quickly and efficiently during enrollment with Jamf Setup Manager, but are enforced and kept installed on all endpoints.

To configure this functionality, ensure your Alectrona Profile configuration targeting the com.alectrona.patch-agent domain has the InstallorUpdate key and a list all apps from the Alectrona Patch catalog that you would like installed during enrollment:

<key>InstallOrUpdate</key>
<array>
    <string>1password</string>
    <string>google-chrome</string>
    <string>google-drive</string>
    <string>slack</string>
    <string>ringcentral-glip</string>
    <string>zoom-us</string>
    <string>dockutil</string>
</array>

A full example configuration profile for Patch, geared for a Jamf Setup Manager enrollment, is available to be reviewed and imported into Alectrona Patch Desktop.

Configuring Jamf Setup Managerโ€‹

Our sample configuration profile is available for you to review and leverage, and consists of the following keys:

  • title: This string sets the title that appears at the top of the Jamf Setup Manager window
  • banner: A link (or locally installed file) to your banner image
  • icon: The icon that appears at the top of the Jamf Setup Manager window. For this demo, we simply leverage the enrolled computer's hardware icon
  • startingMessage: This is a custom message that can be shown during the Getting Ready phase of JSM. Since this phase can take a few minutes to complete, we strongly recommend setting this key along with a custom message tailed to your organization
  • tileColor: Set the background color for all action tiles. In this configuration we leverage the ##automatic option that sets a unique background for each action based on the tile's icon and lends to a more modern look and feel
  • help: This can be leveraged to provide a custom message and support URL for folks who run into issues during enrollment
  • enrollmentActions: In our example configuration, we re-used template examples to install Rosetta and set a Time Zone to help illustrate how scripts or policies could be called. In addition, Jamf Protect is configured to be deployed automatically via an integration with Jamf Pro. For app installations leveraged through Alectrona Patch, we are setting the below keys for each required app:
    • icon: A URL for the listed app's icon. To gather this for an in the Alectrona Patch app catalog, run sudo patch list app-name and reference the URL specified in the icon field
    • label: The name of the app that is displayed in Jamf Setup Manager
    • wait : Set this to untilExists to ensure JSM waits to detect when the app is installed
    • watchPath: You can define where JSM should monitor to detect when the app is installed. For example, for Google Chrome, you'd use /Applications/Google Chrome.app/
    • timeout: The default timeout period for each app in JSM is 600 seconds (10 minutes). We recommend having a much shorter timeout period, such as 120 to ensure a better user experience if the app fails to install.

Configuring Jamf Proโ€‹

With configuration profiles for Alectrona Patch and Jamf Setup Manager built and ready, the below pieces are the final items needed to complete an initial config.

  • Upload the latest Alectrona Patch and Jamf Setup Manager installers to Jamf Pro
  • Create a new PreStage Enrollment for Jamf Setup Manager and configure with your organization's typical configuration for Enrollment Requirements, Setup Assistant Options (ensure at least one option like Location Services is not selected to be skipped), and Account Settings
  • If opting to leverage authentication during enrollment similar to our example video, you can look to enable an enrollment customization to enable an SSO pane for your IdP
  • Under Configuration Profiles, ensure that all required configuration profiles are in scope and selected
    • Jamf Setup Manager configuration profile
    • Alectrona Patch Configuration and any relevant/additional configuration profiles (PPPC, Background item management, etc.)
    • FileVault configuration profile (if enforcing FileVault in Setup Assistant)
  • Under Enrollment Packages, add both packages you previously uploaded for Alectrona Patch and Jamf Setup Manager. Ensure you have Distribution Point not set to None
  • Additional configuration can include having a policy/policies set to run on Login (or any other desired trigger) as a post enrollment action once the end user arrives at the desktop

Testing and Troubleshootingโ€‹

With all the required objects in place, ensure your test Mac is in scope of the newly created enrollment profile and relevant configuration profiles. Erase and restore the test Mac, and during enrollment confirm Jamf Setup Manager appears as expected along with your configured app installation behavior.

To review logs and troubleshoot potential issues during the Jamf Setup Manager enrollment, press CMD + L to open the log window. This log window will reveal logs for Jamf Setup Manager, Jamf Pro, and the default install.log for macOS.

Jamf Setup Manager Logs

To view the log for Alectrona Patch, press CTL + OPTION + CMD + T on your keyboard to open the Terminal window. You can resize the window, and then enter tail -f /var/log/alectrona-patch.log to review the log.

Alectrona Patch Logs

For additional Jamf Setup Manager related examples, troubleshooting, and FAQs, we encourage you to review the Jamf Setup Manager Docs. In the MacAdmins Slack, the #alectrona-patch and #jamf-setup-manager are additional resources.

Summaryโ€‹

Combining Jamf Setup Manager with Alectrona Patch creates a frictionless, highly efficient onboarding experience for both IT teams and end-users. By ensuring all critical apps are installed, updated, and configured before the user even reaches the desktop, you can dramatically reduce setup time and initial support tickets. We highly encourage you to test this workflow in your own environment to see how smoothly a zero-touch or white-glove deployment can run. If you haven't experienced the benefits of automated Mac application management yet, there is no better time โ€” start a free trial of Alectrona Patch today and take your deployments to the next level!