Administrators face numerous challenges when managing a macOS deployment. While an MDM may solve most challenges, some workflows can benefit from additional support. This article introduces a range of open-source technologies that can help automate workflows and provide enhanced functionality for Mac deployments. It’s worth noting that many of these tools require significant technical expertise to implement effectively. However, the time and effort invested in deploying these tools can be well worth it. They can potentially make a critical difference in achieving your deployment goals.
To get started, we recommend identifying the specific requirements for your deployment. Next, evaluate which needs can be met using the built-in features of your device management solution. Finally, explore additional tools to address any remaining gaps.
Happy hunting!
1. Munki
The essential macOS software manager.
Munki is a handy tool for managing software installations on macOS. It's one of the most common and reputable open-source solutions known to MacAdmins — so much so that we decided to bake it right into SimpleMDM!
Its features are highlighted by an internal app store known as the Managed Software Center. This provides users with a simple interface and self-serve experience for installing and updating software. Admins can also remotely deploy unsigned packages otherwise not permitted by Apple MDM and enforce software installations, updates, removals, and much more.
Munki's integration with SimpleMDM enhances macOS software management by automating the management of the software lifecycle and maintenance. It also eliminates the need for a separate web server, streamlining the delivery of Munki resources to devices.
For MDMs in general, Munki is commonly integrated into deployment workflows alongside MDM and the Apple Automated Device Enrollment Program (ADE) to offer a pleasant onboarding experience for users and admins alike.
In addition, various open-source contributions further enhance Munki workflows. To name a few ...
2. Sal
Advanced reporting for Munki.
Sal is a client-based reporting dashboard for Munki that allows you to create hierarchical permission sets for viewing reports on your Mac deployment.
For example, you can configure reporting permissions for the manager of an individual department, allowing them to view only reports for their department. You can also create custom reporting widgets, search for specific machines and deployment information, and even build plugins.
3. munkipkg
PKG building made easy.
This is a tool for building macOS PKGs via the command line as part of your Munki deployment.
4. MunkiWebAdmin2
Web-based Munki management.
The second iteration of MunkiWebAdmin, this tool provides a web-based interface for Munki administrators to manage their Munki repositories.
5. MunkiReport
Deployments insights dashboard.
This provides a web-based dashboard that allows you to run and view various reports on your Mac deployment.
6. DEPNotify
User transparency during ADE.
Much of the deployment process is often shrouded in mystery from the perspective of the device user, particularly during ADE (DEP) enrollment.
DEPNotify offers end users transparency and insight into the magic behind the scenes through a sleek interface displayed during the initial setup process. It can show custom messaging and visuals indicating the device's progress, letting users know what's happening.
This open-source tool is similar to Kandji's Liftoff feature, so if you're looking for that type of functionality (but without the MDM commitment), give this tool a try!
7. NoMAD
Simplifying Active Directory integration.
NoMAD, short for "No More Active Directory," fills a unique gap for Mac deployments that traditionally use mobile accounts bound to Active Directory. Specifically, it allows admins to decouple their deployment from Active Directory while retaining the benefits of binding user accounts to it.
User accounts remain local while NoMAD handles all the interactions with Active Directory, and it can be implemented while still bound, allowing for a smoother transition process. NoMAD supports additional functionalities, including single sign-on at the macOS sign-in window and password synchronization.
NoMAD solves identity management challenges for Mac users in an Active Directory environment, similar to Kandji's Passport feature. NoMAD is an excellent alternative to add that flow into your deployment regardless of your MDM.
8. UMAD
Effortless MDM Migration.
(No, you mad? 😜)
UMAD (Universal MDM Approval Dialog) is open-source software that provides a custom interface to simplify migrating from one Mac MDM to another. It streamlines the reenrollment process by automating Apple MDM commands and guiding users through migration with easy-to-follow prompts. UMAD effectively prompts end users to enroll their macOS devices into MDM systems while offering a visually appealing and customizable interface.
9. InstallApplications
Automating onboarding workflows.
InstallApplications (not to be confused with the InstallApplication MDM protocol command) can often be found as a central piece of Mac ADE enrollment workflows as the initially signed package deployed via MDM. This lightweight package can then install and configure additional software, profiles, and scripts. It's commonly used to deploy other MDM tools, such as Munki and DEPNotify, during the initial device setup process following ADE enrollment.
10. AutoPkg
Streamlined macOS package creation.
Like munkipkg, AutoPkg is a command-line tool for creating macOS packages. It's designed for use with Munki but can be used elsewhere. AutoPkg supports a feature called "recipes," which are prebuilt sequences for automating many tasks of the build process. You can build your own recipes or use preexisting recipes to save time.
Check out the open-source repository plugin for integrating Munki (and AutoPkg) with SimpleMDM for further DIY possibilities.
11. AutoPkgr
Streamlined macOS package creation-er.
This free Mac app adds a slick, easy-to-use interface to the AutoPkg tool, a nifty addition for admins who prefer a more visual experience while managing their packages and recipes. It allows you to view your recipes, add new components with a few clicks, discover and subscribe to new recipes, and schedule checks for existing recipes, among other tasks.
12. Crypt
Enhancing FileVault management.
Ensuring that FileVault is enabled on company-owned Macs is often a high priority. Apple MDM has built-in support for FileVault enforcement and key escrow, but Crypt expands on these capabilities.
Crypt can be configured on your server for storing FileVault recovery keys. It can also enforce FileVault when devices are offline, enable admins to configure specific permissions for users, and offer self-serve functionality to allow users to request their recovery keys.
13. Payload-Free-Package-Creator
Deploying scripts with ease.
Building macOS PKGs used only for deploying scripts can be a repetitive hassle. Additionally, admins often don't want the package to leave anything behind after running the script. This clever tool makes it easy for admins to quickly build packages from their scripts that can be delivered via MDM.
14. Nudge
Encouraging security updates, user by user.
Nudge is a popular open-source software designed for macOS devices to encourage users to stay up to date with essential security patches in a nonintrusive manner.
It uses native processes and a custom interface to notify users of pending updates and displays customizable options, like deferrable deadlines. Nudge aims to gently "nudge" users towards installing updates for improved security, compatibility, and system performance rather than forcing updates without user consent.
15. S.U.P.E.R.M.A.N.
Automatic software updates.
S.U.P.E.R.M.A.N. (or super) is similar to — but a bit more forceful than — Nudge. Super is an open-source script designed to improve the macOS software process for Intel and Apple silicon computers.
S.U.P.E.R.M.A.N. is deployed using a single script and optional configuration profile, creating a background agent (LaunchDaemon) to apply software updates with minimal user interference. It offers customizable deferrals and deadlines, making the update experience more user-friendly for users and administrators.
16. erase-install
Simplified clean installations.
Erase-install is a script that streamlines and automates macOS erase and install operations for MacAdmins. Automating the software update download and enabling local erasure and reinstallation through the terminal simplifies the process for IT administrators managing enterprise deployments. Erase-install uses macOS installer applications for clean installations, allowing users to erase the current macOS version and reinstall the latest or desired version.
17. XCreds
Secure credential management.
XCreds by twocanoes streamlines user credential collection and secure handling during Mac deployment. Designed to capture and save user credentials in enterprise onboarding, it provides MacAdmins with an easy-to-use utility similar to Kandji Passport or Jamf Connect but without the cost. While XCreds is free, paid support for cloud provider syncing is available.
18. swiftDialog
Custom dialog boxes made easy.
SwiftDialog is an open-source software that simplifies creating and displaying custom dialog windows using the Swift programming language in macOS. It eliminates the need to build dialog windows from scratch. SwiftDialog provides MacAdmins with a handy utility for displaying information and alerts and capturing user input during a macOS initial deployment or other workflows.
19. swiftDialog Setup Your Mac
Enhanced user onboarding.
SwiftDialog Setup Your Mac (the big brother of swiftDialog) streamlines and automates onboarding while taking some workload off IT. Built on the swiftDialog open-source tool, it assists MacAdmins by automating new Mac setups and guiding users through a simple configuration process. Comparable to DEPNotify or Liftoff, this tool aims to improve the end-user onboarding experience and make new deployments a breeze.
20. Outset
Automating script execution.
Outset is open-source software that automates the execution of scripts on system boot, user login, or on-demand. Its primary purpose is to assist in managing macOS devices by harnessing the power of automation, giving MacAdmins one less thing to worry about.
Final thoughts on open-source tools for macOS management
Whether you're a seasoned MacAdmin or hoping to become a MacAdmin, these open-source tools can efficiently solve MacAdmins' daily tasks. As always, feel free to suggest additional recommendations on the PDQ Discord!
Check out MacAdmins' full list of open-source projects to see what other treasures are out there!
Finally, thank you to the original contributors of these passion projects and all other unnamed contributors for creating these solutions and sharing them with the community.
Tool | Contributor |
Munki | Greg Neagle |
Sal | Graham Gilbert |
munkipkg | Greg Neagle |
MunkiWebAdmin2 | Greg Neagle |
MunkiReport | Arjen van Bochoven |
DEPNotify | Joel Rennich |
NoMAD | Joel Rennich |
UMAD | Erik Gomez |
InstallApplications | Erik Gomez |
AutoPkg | Greg Neagle |
AutoPkgr | The Linde Group |
Crypt | Graham Gilbert |
Payload-Free-Package-Creator | Rich Trouton |
Nudge | Erik Gomez |
S.U.P.E.R.M.A.N. | Kevin M. White |
erase-install | Graham Pugh |
XCreds | Tim Perfitt |
swiftDialog | Bart Reardon |
swiftDialog Setup Your Mac | Dan Snelson |
Outset | Joe Chilcote |
SimpleMDM is a mobile device management solution that helps IT teams securely update, monitor, and license Apple devices in minutes while automatically staying on top of Apple updates.
To see how simple Apple device management can be, sign up for a free 30-day trial.
