Iru

This article provides step-by-step instructions to implement the App Catalog using Iru (formerly Kandji).

Last updated About 6 hours ago

Requirements

At least a Iru account with Standard permissions

Configuration Profile

A Configuration Profile is needed to activate and configure the App Catalog. There are two options:
- Basic: Go to the App Catalog Customer Portal to get a Configuration Profile to get you started right away with basic settings including the Supporting Configuration Profiles
- Custom: Read the documentation to create a custom (advanced) configuration profile to meet your requirements: Configuration Profile
When your Configuration Profile is ready, login at your Iru tenant
Go to Library -> Add new -> Custom profile
Click Add & Configure
Choose a name such as: App Catalog Configuration
Optionally select a Blueprint to add the App Catalog to an existing Blueprint or do this later
Make sure to only select Mac in the Install on field
Select the .mobileconfig file containing your Configuration Profile

Click Save

Supporting Configuration Profiles

To fully enable the App Catalog, some additional profiles are needed such as a Notifications payload, a Managed Login Item payload and PPPC.

Notifications

To automatically allow install and update notifications, you will need to deploy a Notifications profile. At this moment, Iru does not have an option to create a native Notifications profile from the Library. A custom profile is required.

Download the example Configuration Profile from here:

Granting User Notifications

Go to Library -> Add new -> Custom profile
Click Add & Configure
Choose a name such as: Notifications - App Catalog
Optionally select a Blueprint to add the App Catalog to an existing Blueprint or do this later
Make sure to only select Mac in the Install on field
Select the .mobileconfig file

Click Save

Managed Login Item

Create a Managed Login Item to make sure App Catalog background services cannot be disabled by the end user. Refer to the following page for more information:

Managed Login Item

Go to Library -> Add new -> Login & Background Items
Click Add & Configure
Choose a name such as: Managed Login Item - App Catalog
Optionally select a Blueprint to add the App Catalog to an existing Blueprint or do this later
Click Add Background Item and fill in the information from Managed Login Item

Click Save

PPPC

Create a Privacy Preference Policy Control profile to make sure the App Catalog has the necessary permissions to install and update apps. Refer to the following page for more information:

Full Disk Access (PPPC)

When your Configuration Profile is ready, go to Library -> Add new -> Privacy
Click Add & Configure
Choose a name such as: PPPC - App Catalog
Optionally select a Blueprint to add the App Catalog to an existing Blueprint or do this later
Fill in the information from Full Disk Access (PPPC). For App or Service, choose either SystemPolicyAllFiles or SystemPolicyAppBundles depending on your preference.

Click Save

Installing Apps

To install apps, the Catalog Agent needs to be installed and called with the Bundle Identifier as described in Installing Apps and needs to be done in a small script. Iru does not support the use of variables in Shell Scripts and therefore a separate script for every app you want to install is needed. Follow these steps to create and add an app installation script:

Copy the app Bundle Identifier from https://portal.appcatalog.cloud/catalog
Download the app icon from https://portal.appcatalog.cloud/catalog
Go to Library -> Add new -> Custom Scripts
Click Add & Configure
Choose a name such as the name of the app
Click on the icon next to the name and choose Add new icon to upload the app icon

Optionally select a Blueprint to add the App Catalog to an existing Blueprint or do this later
Set to Execution Frequency to your preference
Obtain the installation location of the app, such as: /Applications/Google Chrome.app
Add an Audit Script to check if the app was successfully installed. Make sure to change the app installation location:

Example
#!/bin/zsh --no-rcs

# App location
app_location="/Applications/Google Chrome.app"

# Audit
if [[ -e "${app_location}" ]]; then
    echo "${app_location} is already installed"
    exit 0
else
    echo "${app_location} is not installed yet"
    exit 1
fi

Add a Remediation Script to install the App Catalog (if not already installed) and the app

Example
#!/bin/zsh --no-rcs

# Install App Catalog when not installed yet
if [[ ! -f "/usr/local/bin/catalog" ]]; then
    curl -sSL https://cdn.appcatalog.cloud/install_app_catalog.zsh | zsh
fi

# Install app
/usr/local/bin/catalog --install "com.google.Chrome"

Click Save

Liftoff

If you use Iru Liftoff to show an onboarding visualization, the app installs will also be shown.

Remember to add the app icon to the Custom Script to make sure the app icon is shown in Liftoff.