Skip to main content
Cisco Meraki Documentation

Using Custom Apple Profiles with Systems Manager

  1. Last updated
  2. Save as PDF

Introduction

In addition to the configuration options in SM, Apple provides tools to create custom Mac and iOS device profiles, which can then be added to SM and distributed to managed devices. 

This document outlines how to create profiles using Apple Configurator and Profile Manager, then deploy these profiles through Meraki Systems Manager.

Creating Custom Profiles

While the majority of Mac and iOS device configuration can be done directly through Dashboard, there are some cases where a more thorough configuration profile is needed. For these edge cases, either Apple Configurator or Profile Manager can be used to create a custom profile, as outlined in the following sections.

Creating Profiles in Apple Configurator

As a prerequisite, Apple Configurator 2 must be installed/deployed on a Mac OS X device.

The following instructions outline how to create and export profiles in Apple Configurator:

  1. Launch Apple Configurator.
  2. On the toolbar, open the File menu and select New Profile:
    Screen_Shot_2015-10-30_at_1.57.01_PM.png
     
  3. Configure and save the intended settings to be applied. (e.g. AirPrint, contacts, cellular). The image below shows an example AirPrint configuration for this profile:
    Screen_Shot_2015-10-30_at_1.40.43_PM.png
     
  4. After configuring settings as needed, save the profile (a .mobileconfig file) to a local directoryScreen_Shot_2015-10-30_at_1.41.17_PM.png

 

Once this profile is created, it can be uploaded to Dashboard as outlined below.

Creating Profiles in Profile Manager

As a prerequisite to this section, Profile Manager must installed/deployed on a macOS device running macOS server. macOS server has been discontinued by Apple and is no longer offered to new users.

The following instructions outline how to create and export profiles in Apple 

  1. Open Profile Manager.
  2. Navigate to Users > "Directory Administrator".
  3. Select the Settings tab and click Edit to create a profile:
    EditProfile-1.png
     
  4. Configure and save the intended settings to be applied. (e.g. AirPrint, contacts, cellular). The image below shows an example Single Sign-On configuration for this profile:
    ConfigureProfile.png
     
  5. After configuring settings as needed, click Ok, followed by Save.SaveProfile.png
     
  6. Click Download to save the profile as a .mobileconfig file.DownloadMobileconfig.png

 

Once this profile is created, it can be uploaded to Dashboard as outlined below.

Uploading a Custom Profile to Dashboard

Once a custom configuration profile has been created and saved, its .mobileconfig file can be uploaded to Dashboard for deployment:

  1. In Dashboard, navigate to Systems Manager > Manage > Settings.
  2. Click the '+' at the top right to add a new profile.
  3. Select Upload a custom iOS/OS X Apple configurator profile:                                                                                                              2017-02-06 12_37_17-NotificationsForm.png
  4. Upload the .mobileconfig file created earlier to import the profile into Systems Manager.

Tagging and Grouping Profiles

In a mobile environment, it is often necessary to group profiles and settings by different users and device identity. In Dashboard, you can use tags to select the devices that need to have certain settings applied, and group them accordingly. Settings can be collected together into a profile and devices can have multiple profiles applied to them. This allows for a highly granular, hierarchical approach to applying settings to devices.

For more information on tagging, see this guide.

Screen Shot 2018-05-01 at 4.22.20 PM.png

 

In an enterprise environment, a good practice is to create a number of profiles: Some baseline/global profiles, and some that are more specific. This eliminates the need for administrators to maintain unique settings for each individual device use case. These profiles can then be updated in the future, and all associated devices will automatically update to reflect these changes. If a device receives multiple profiles with conflicting settings, the most restrictive setting applies.

 

sm_wp_ent_profile_stack-1.png

Multiple profiles allow granular device settings and simple management

 

When managing a profile in the Meraki Dashboard, that profile can be associated with a particular device scope by using tags. These tags can be static or dynamic, where dynamic tags can reduce and automate work required to manage a large number of devices.

For example: If a school-owned device is not physically on-site (as detected through Geofencing), then it can dynamically remove the school's restrictive policies for home use. Further information on Geofencing is available here.

Additional Resources

Please refer to our documentation for additional information on dynamic tags and profiles.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
    Stage
    Final
  2. Tags
    1. apple configurator
    2. custom profiles
    3. SM
    4. systems manager