Administrators face numerous challenges when managing a macOS deployment. While an MDM may solve most, some workflows can benefit from extra help. This article introduces you to a jungle of various open-source technologies that can automate workflows and enable additional functionalities for Mac deployments.
It's worth mentioning that many of these tools require a fair amount of technical aptitude to implement successfully. Even so, the time invested into deploying these tools is worth it! Some of these tools can make a difference in successfully achieving your deployment goals.
That's why we recommend first identifying the specific requirements for your deployment. Then, evaluate which can be covered adequately using out-of-the-box features offered by your device management solution. Finally, look for options to address any remaining needs.
Happy hunting!
1. Munki
Munki is a handy tool for managing software installations on macOS. It's one of the most common and reputable open-source solutions known to MacAdmins – so much so that we decided to bake it right into SimpleMDM!
Its features are highlighted by an internal app store known as the Managed Software Center. This provides users a simple interface and self-serve experience for installing and updating software. Admins can also remotely deploy unsigned packages otherwise not permitted by Apple MDM and enforce software installations, updates, removals, and much more.
Munki's integration with SimpleMDM enhances macOS software management by automating the management of software lifecycle and maintenance. It also eliminates the need for a separate web server, streamlining the delivery of Munki resources to devices.
For MDMs in general, Munki is commonly integrated into deployment workflows alongside MDM and the Apple Automated Device Enrollment Program (ADE) to offer a pleasant onboarding experience for users and admins alike.
In addition, there have been various open-source contributions to further enhance Munki workflows. To name a few...
2. Sal
Sal is a client-based reporting dashboard for Munki that allows you to create hierarchical permission sets for viewing reports on your Mac deployment.
For example, you can configure reporting permissions for the manager of an individual department, allowing them to view only reports for their department. It also allows you to create custom reporting widgets, search for specific machines and deployment information, and even build plugins.
3. Munki-pkg
This is a tool for building macOS PKGs via the command line as part of your Munki Deployment.
4. MunkiWebAdmin 2
The second iteration of MunkiWebAdmin, this tool provides a web-based interface for Munki administrators to manage their Munki repositories.
5. MunkiReport-PHP
This provides a web-based dashboard that allows you to run and view various reports on your Mac deployment.
6. DEPNotify
Much of the deployment process is often shrouded in mystery from the perspective of the device user, particularly during ADE (DEP) enrollment.
DEPNotify offers end users transparency and insight into the magic behind the scenes through a sleek interface displayed during the initial setup process. It can show custom messaging and visuals indicating the device's progress, letting users know what's happening.
This open-source tool is similar to Kandji's Liftoff feature, so if you're looking for that type of functionality (but without the MDM commitment), give this tool a try!
7. NoMAD
NoMAD, short for "No More Active Directory," fills a unique gap for Mac deployments that traditionally use mobile accounts bound to Active Directory. Specifically, it allows admins to decouple their deployment from Active Directory while retaining the benefits of binding user accounts to it.
User accounts remain local while NoMAD handles all the interactions with Active Directory, and it can be implemented while still bound, allowing for a smoother transition process. NoMAD supports additional functionalities, including single sign-on at the macOS sign-in window and password synchronization.
NoMAD solves identity management challenges for Mac users in an Active Directory environment, similar to Kandji's Passport feature. NoMAD is an excellent alternative to add that flow into your deployment regardless of your MDM.
8. UMAD
(No, you mad? 😜)
UMAD (User Message, Agent, and Dialog) is open-source software that provides a custom interface to simplify migrating from one Mac MDM to another. It streamlines the re-enrollment process by automating Apple MDM commands and guiding users through migration with easy-to-follow prompts. UMAD effectively prompts end users to enroll their macOS devices into MDM systems while offering a visually appealing and customizable interface.
9. InstallApplications
InstallApplications (not to be confused with the InstallApplication MDM protocol command) can often be found as a central piece of Mac ADE enrollment workflows as the initially signed package deployed via MDM. This lightweight package can then install and configure additional software, profiles, and scripts. It's commonly used to deploy other MDM tools, such as Munki and DEPNotify, during the initial device setup process following ADE enrollment.
10. AutoPkg
Like Munki-pkg, AutoPKG is a command line tool for creating macOS packages. It's designed for use with Munki but can be used elsewhere for package creation. AutoPKG supports a feature called "recipes," which are prebuilt sequences for automating many tasks of the build process. You can build your recipes or use pre-existing recipes to save time.
Check out the open-source repository plugin for integrating Munki (and AutoPkg) with SimpleMDM for further DIY possibilities.
11. AutoPkgr
This free Mac app adds a slick, easy-to-use interface to the AutoPKG tool, a nifty addition for admins who prefer a more visual experience while managing their packages and recipes. It allows you to view your recipes, add new components with a few clicks, discover and subscribe to new recipes, and schedule checks for existing recipes, amongst other tasks.
12. Crypt
Ensuring that FileVault is enabled on company-owned Macs is often a high priority. Apple MDM has built-in support for FileVault enforcement and key escrow, but Crypt expands on these capabilities.
Crypt can be configured on your server for storing FileVault recovery keys. Further, it can enforce FileVault when devices are offline, enable admins to configure specific permissions for users and offer a self-serve functionality to allow users to request their recovery keys.
13. Payload-Free Package Creator
Building macOS PKGs used only for deploying scripts can be a repetitive hassle. Additionally, admins often don't want the package to leave anything behind after running the script. This clever tool makes it easy for admins to quickly build packages from their scripts that can be delivered via MDM.
14. Nudge
Nudge is a popular open-source software designed for macOS devices to encourage users to stay up to date with essential security patches in a non-intrusive manner.
It uses native processes and a custom interface to notify users of pending updates and displays customizable options, like deferrable deadlines. Nudge aims to gently "nudge" users towards installing updates for improved security, compatibility, and system performance rather than forcing updates without user consent.
15. S.U.P.E.R.M.A.N
S.U.P.E.R.M.A.N. (or super) is similar to — but a bit more forceful than — Nudge. Super is an open-source script designed to improve the macOS software process for Intel and Apple silicon computers.
S.U.P.E.R.M.A.N is deployed using a single script and optional configuration profile, creating a background agent (LaunchDaemon) to apply software updates with minimal user interference. It offers customizable deferrals and deadlines, making the update experience more user-friendly for users and administrators.
16. Erase-Install
Erase-Install is a script that streamlines and automates macOS erase and install operations for MacAdmins. Automating the software update download and enabling local erasure and reinstallation through the terminal simplifies the process for IT administrators managing enterprise deployments. Erase-Install uses macOS Installer applications for clean installations, allowing users to erase the current macOS version and reinstall the latest or desired version.
17. XCreds
XCreds by twocanoes streamlines user credential collection and secure handling during Mac deployment. Designed for capturing and saving user credentials in enterprise onboarding, it provides MacAdmins with an easy-to-use utility similar to Kandji Passport or Jamf Connect, but without the cost. While XCreds is free, paid support for cloud provider syncing is available.
18. SwiftDialog
SwiftDialog is an open-source software that simplifies creating and displaying custom dialog windows using the Swift programming language in macOS. It eliminates the need to build dialog windows from scratch. It provides MacAdmins with a handy utility for displaying information and alerts and capturing user input during a macOS initial deployment or other workflows.
19. SwiftDialog-Setup Your Mac
SwiftDialog-Setup Your Mac (the big brother of SwiftDialog) streamlines and automates onboarding while taking some workload off IT. Built on the SwiftDialog open-source tool, it assists MacAdmins by automating new Mac setups and guiding users through a simple configuration process. Comparable to DEPNotify or Liftoff, this tool aims to improve the end-user onboarding experience and make new deployments a breeze.
20. Outset
Outset is open-source software that automates the execution of scripts on system boot, user login, or on-demand. Its primary purpose is to assist in managing macOS devices by harnessing the power of automation, giving MacAdmins one less thing to worry about.
Closing thoughts
Whether you're a seasoned MacAdmin or hoping to become a MacAdmin, These are just a handful of open-source tools that can provide efficient solutions to MacAdmins' daily tasks. As always, feel free to suggest additional recommendations on the PDQ Discord!
Check out MacAdmins' full list of open-source projects to see what other treasures are out there!
Finally, thank you to the original contributors of these passion projects and all other unnamed contributors for creating these solutions and sharing them with the community.
Tool | Contributor |
Munki | Greg Neagle |
Sal | Graham Gilbert |
Munki-pkg | Greg Neagle |
MunkiWebAdmin 2 | Greg Neagle |
MunkiReport-PHP | Arjen van Bochoven |
DEPNotify | Joel Rennich |
NoMAD | Joel Rennich |
InstallApplications | Erik Gomez |
AutoPkg | Greg Neagle |
AutoPkgr | The Linde Group |
Crypt | Graham Gilbert |
Payload-Free Package Creator | Rich Trouton |
Nudge | Erik Gomez |
S.U.P.E.R.M.A.N. | Kevin M. White |
Erase-Install | Graham Pugh |
XCreds | Tim Perfitt |
SwiftDialog | Bart Reardon |
SwiftDialog-Setup Your Mac | Dan Snelson |
UMAD | Erik Gomez |
Outset | Joe Chilcote |
SimpleMDM is a mobile device management solution that helps IT teams securely update, monitor, and license Apple devices in minutes while automatically staying on top of Apple updates.
To see how simple Apple device management can be, sign up for a free 30-day trial.
