Help

Allow non-admin to install app from Self-Service

esheldon76
New Contributor

Posted on ‎10-20-2015 08:25 AM

Hello all,

Sorry if this is covered elsewhere, but I couldn't find it. We're a PC shop, rolling out Macs and using JSS. Went through the JumpStart but still fuzzy on some things, and trying to learn how to use Macs in our environment without making our end users go nuts. What I've got setup is a few apps in the Self-Service purchased through VPP and I want the users to be able to install what they need without having to be asked for an Apple ID. The users are non-admins on the machines. We're running current versions of all software except OS X, which is on Yosemite. One quick app we can use as an example is Microsoft's RDP. Everything shows in the Self-Service fine for the user, but when they click to install it, they are prompted for their Apple ID. I'd like for it to use the one we purchased it with, and not prompt the user. Is that possible?

0 Kudos
6 REPLIES 6

davidacland
Honored Contributor II
Honored Contributor II

Posted on ‎10-20-2015 08:43 AM

If you're using standard VPP managed distribution it will want to associate the app to an Apple ID when it deploys via Self Service (or automatically).

The newest version allows you to deploy to devices rather than Apple IDs, although (and I could well be wrong here), I was under the impression this is only available through Casper for iOS devices at the moment.

Not sure if 9.81 has added the capability for El Capitan as well.

The traditional (alternative) route has been to use this method to create the installer package: https://derflounder.wordpress.com/2013/08/22/downloading-apples-server-app-installer-package/

Although that would tie it to a single Apple iD.

0 Kudos

jpilege
New Contributor III

Posted on ‎10-20-2015 08:49 AM

Hi @esheldon76 ,

From what I have seen and done you won't be able to use the AppleID that you have associated with VPP. You will need to invite users to your VPP, which will associate their AppleID with the one that you are using to purchase apps. They can setup a new account to associate their work email or have them use their personal AppleID. If they setup an ID with their work account you can recover the account after they leave by resetting the password.

As long as you use the managed distribution and have the policies in the JSS setup correctly, they won't need admin rights. If they are logged into the App Store with their AppleID they won't be asked for their password.

With the managed distribution, you can assign the apps to your users and retrieve the licenses when they leave or no longer need it. This way the licenses are assigned under your company and aren't under their AppleID.

Let me know if this helps or if you have any other questions.

0 Kudos

jarradyuhas
Contributor

Posted on ‎10-20-2015 09:36 AM

A method that we've used is to install the software while using Composer and create a package to deploy via self service. We do this with many app store apps, we just make sure to maintain all of the updates and ensure that we have purchased enough licensing for any paid apps.

0 Kudos

jkuo
Contributor

Posted on ‎10-20-2015 01:41 PM

@esheldon76 - The easiest way I've found to do this is to use Apple Package Maker. The process is like this:

  1. Download the Application you want on whatever AppleID using the App Store.
  2. Package it up using Package Maker.
  3. Upload that pkg file to your distribution point
  4. Create a Self-Service policy

Then, you don't need to bother with VPP at all, they just download a standard app package via Self Service. This works perfectly for any free apps from the Apple App Store.

You can download Package Maker here using whatever free Apple Developer ID you have:

Package Maker Download

For simple things like Microsoft Remote Desktop, Package Maker is really straightforward - just drag the application into the left sidebar, pick a destination, then build the package. It'll look like this:

41b2613cc2b84674b0ca520f1e98c9d3

Hope that helps, let me know if you have any questions!

Thanks,
Jason

0 Kudos

bpavlov
Honored Contributor

Posted on ‎10-20-2015 02:09 PM

@jkuo Pretty sure PackageMaker has been deprecated for quite sometime now and Apple recommends pkgbuild, productbuild, and pkgutil accordingly to do their packaging. Other apps that are more updated and similar to PackageMaker would be Composer and Packages: http://s.sudre.free.fr/Software/Packages/about.html

Also, your method would leave the _MASReceipt inside the app bundle which means that during updates it will prompt the user for the password for the Apple ID that downloaded the apps. That's no good and should be avoided.

Follow the post by @davidacland. Although he says that it ties the app to one Apple ID, the MAS installer does not contain the _MASReceipt which is what ties it to an Apple ID on the computer. This way the app isn't picked up by the Mac App Store as an app needing updates from another Apple ID account.

0 Kudos

jkuo
Contributor

Posted on ‎10-20-2015 02:18 PM

@bpavlov - yep, it hasn't been updated in a long time, but for simple deployments like this one it'll work, especially if you manage the whole software process using Self Service. All updates would happen directly with Self Service, which would avoid the App Store altogether.

Thanks for the tips though regarding the _MASReceipt, I'll have to revisit my process!

0 Kudos