Mac application management

This topic describes how to use open-source management tools specifically designed for the Mac platform (including Munki and AutoPkg) to manage applications on enrolled macOS devices.

These tools allow you to:

• deploy applications (.dmg, .pkg, .app, .mobileconfig, .mpkg) to Mac users,
• update Mac applications, and
• add pre- and post-install scripts.

For additional information about Munki and AutoPkg, refer to:

• https://github.com/munki/munki/wiki/Overview, and
• https://github.com/autopkg/autopkg/wiki.

The plugins for Munki and AutoPkg allow application packages to be maintained in a CyberArk-hosted Munki repository on a private tenant. Mac applications are added to the Munki repository either manually using Munki tools or automatically by adding recipes to Autopkg. These applications are then deployed to users’ Macs that are trusted through http certificate-based authentication.

In addition, Munki tools are configured for you during enrollment. CyberArk’s installation package for AutoPkg runs scripts that configure AutoPkg tools for you. For example, you don't need to perform configuration steps such as building and populating the repository, configuring a web server, creating client manifests, and configuring the admin’s Mac to communicate with the repository. Refer to https://github.com/munki/munki/wiki/Demonstration-Setup for more information about typical Munki configuration tasks required without CyberArk.

The following illustrates the different components of CyberArk Mac App Management. 

	Component	Description
1	User’s Mac	A Mac device enrolled in CyberArk Identity for your users. Enrolling in CyberArk Identity installs the Managed Software Center, which is an application that installs and updates software on the user’s Mac based on manifests and catalogs in the repository hosted by CyberArk Identity.
2	Admin’s Mac	A Mac device enrolled in CyberArk Identity for an administrator. You manage applications for your users using the following tools and software installed on the admin’s Mac. Munki tools AutoPkg Git
3	Munki repository	Hosted by CyberArk Identity and includes the applications, catalogs, and manifests that the Managed Software Center uses to manage applications on users’ Macs.
4	Recipes	Per the AutoPkg wiki, a recipe is an XML plist that contains several sections describing a sequence of tasks that can be used to automate tasks involving retrieval, patching, building, packaging, and/or importing some piece of software. Refer to https://github.com/autopkg/autopkg/wiki/Recipe-Format for detailed information about recipes.
5	Autopkg	Per the AutoPkg wiki, AutoPkg is an automation framework for OS X software packaging and distribution, oriented towards the tasks one would normally perform manually to prepare third-party software for mass deployment. Refer to https://github.com/autopkg/autopkg/wiki for detailed information about AutoPkg.
6	Munki tools	Per the Munki wiki, munkiimport is a command-line-based assistant for importing pkgs, disk images and apps into your munki repo. Munki tools are installed and configured during enrollment. Refer to https://github.com/munki/munki/wiki/munkiimport for detailed information about munkiimport.