How to use custom configuration profiles with custom attributes

SimpleMDM Favicon
SimpleMDM|Updated September 5, 2023
Stylized product illustration
Stylized product illustration

Configuration profiles are a primary building block of mobile device management. Taking the form of an XML property-list file, these profiles allow you to remotely apply profiles to devices that can be used to configure specific settings, enforce restrictions, set up preferences, and much more.

You can quickly create many of these profiles with SimpleMDM. However, some situations may require a custom profile. That’s why SimpleMDM supports custom configuration profiles. Admins can upload their own profiles and edit them within the SimpleMDM interface using a built-in text editor. Admins can also insert custom attributes into these profiles, which allows you to inject variable values on a group-level or device-level basis.

In this guide, we’ll walk you through how to use custom configuration profiles and custom attributes to specify profile values for individual devices and groups of devices.

There are a couple good resources to check first when looking for references of available configuration profiles. One is within Apple’s Configuration Profile Reference. Additionally, the profile docs guide maintained by the MacAdmins community is another great resource.

Getting started

Our objective in this tutorial is to display a custom message on the user login screen for macOS devices with the custom Loginwindow configuration profile.

For our walkthrough, we'll assume that you already have a profile (.mobileconfig file) available — we won't be covering the steps for creating the initial profile. There are many different sources for creating or obtaining configuration profiles, including but not limited to Apple ConfiguratorProfileCreator, or creating it manually using a text editor. The MacAdmins documentation above also has links to download generic profile templates.

If you want to follow along with our specific example, you can copy the code for the Loginwindow profile we will be using here:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>LoginwindowText</key> <string></string> <key>PayloadDescription</key> <string>Configures Loginwindow settings</string> <key>PayloadDisplayName</key> <string>Loginwindow</string> <key>PayloadIdentifier</key <string></string> <key>PayloadOrganization</key> <string>SimpleMDM</string> <key>PayloadType</key> <string></string> <key>PayloadUUID</key> <string>FD61E78F-B806-4ADD-B328-F0F4580F3809</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string>Sets text on login window.</string> <key>PayloadDisplayName</key> <string>LoginWindow</string> <key>PayloadIdentifier</key> <string>com.github.erikberglund.ProfileCreator.729A188D-D90A-430F-8B4E-24133EDC6E76</string> <key>PayloadOrganization</key> <string>ProfileCreator</string> <key>PayloadScope</key> <string>User</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>729A188D-D90A-430F-8B4E-24133EDC6E76</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>

How to create a custom configuration profile in SimpleMDM

The first part of this process is to add the profile to SimpleMDM. Click the Add Profile button from the Profiles page, then select Custom Configuration Profile from the list. Give the profile a relevant name on the Custom Configuration Profile settings screen.

The next step is to add the .mobileconfig — there are two ways to do this:

  1. Next to the Mobileconfig field, click Choose File, and follow the prompts to upload your .mobileconfig from your computer.

  2. Copy and paste the code from your profile into the text editor field (if you have nothing to do today, you can type it in manually as well).

Next, we will check both boxes located below the text editor.

The first box, For macOS devices, deploy as a device profile instead of a user profile, tells MDM whether to install the profile so it applies to the whole system or just to enrolled user accounts. For this example, we want this profile to be applied at the device level.

The second box, Enable attribute support, is necessary for steps covered later in this walkthrough.

How To Use Custom Configuration Profiles With Custom Attributes 1

After adding the profile and checking both boxes, click Save. If SimpleMDM detects an issue with the profile contents that would make it invalid, an error message appears on the profile settings page. If you see this, check for typos, required keys that might be missing, syntax errors, or other similar issues.

Once the profile has saved successfully, you have a working custom configuration profile you can deploy to devices.

To deploy the profile, assign it to your device groups as needed by checking the box next to the profile name on the Device Group Details page.

Even though the profile has deployed to devices, you shouldn't see any change at this point because we haven't edited the profile to set the login window text. We will do that now.

Navigate back to Configs > Profiles, and click the custom profile name. You should see the XML code from the profile in the text editor. Locate the following piece of code in the text editor:

How To Use Custom Configuration Profiles With Custom Attributes 2

This is where we set the message displayed on the login window. We'll start by setting this value for all devices with this profile installed. In the text editor, type a new value between the <string> tags:

<key>LoginwindowText</key> <string>Property of Example Co.</string>

The profile should update on your devices shortly after saving the changes made in the editor.

**Tip: You may need to log in/out to refresh the screen and display the new message.

How to add attributes & custom attributes

Let's say you want your Macs to display their serial number on the login screen for your admins to reference quickly. This can be accomplished using the serial_number attribute, one of several attributes supported by default. Edit the configuration profile XML like before, except instead of adding the value you want to display directly, enter the attribute name using the following syntax:

<key>LoginwindowText</key> <string>{{serial_number}}</string>

You should now see the device serial number appear when logging in and out.

How to assign values at the group level

**Note: We will not cover the entire process for creating custom attributes since we have included these steps in previous articles. If you aren't familiar with them, refer to Attributes & Custom Attributes from our Knowledge Base for guidance.

Going further, let's assume that all your devices are grouped based on their department within your organization, and you want your devices to display their serial number and the department's name.

Create a custom attribute — we'll call it "department_name" — under the Attributes section in the SimpleMDM interface. In the Details page for each group, click the Settings tab, and enter the corresponding values you want to use for department_name. For example, enter Marketing Department for a marketing group, Engineering Team for an engineering group, etc.

Update your configuration profile similar to the following:

<key>LoginwindowText</key> <string>{{serial_number}} - {{department_name}}</string>

Your devices should now display new messages corresponding to the group-level attribute value, such as:

C012ACME902P – Marketing Department

How to assign values at the device level

Suppose we want to be even more specific and include the device user's name in this message. In that case, we can repeat a similar process, except we set the attribute value at the device level instead of the group level.

Create another attribute, such as device_user_name. Assign these values for individual devices in the corresponding field under the Settings tab of the Device Details page. Then update the configuration profile:

<key>LoginwindowText</key> <string>{{serial_number}} - {{device_user_name}} - {{department_name}}</string>

Your results should look similar to this:

C012ACME902P – Gretchen – Marketing Department

How To Use Custom Configuration Profiles With Custom Attributes 3

Going further

A wide range of tasks and solutions can be accomplished using custom configuration profiles and custom attributes. More advanced users might find that this sort of implementation could be an effective strategy for tasks such as setting up Munki profiles and enabling firewall configurations, among many others.

SimpleMDM Favicon

SimpleMDM is a mobile device management solution that helps IT teams securely update, monitor, and license Apple devices in a matter of minutes — all while staying on top of Apple updates automatically.

Related articles