Automate Endpoint Configurations with Scripts for macOS Devices

Use Scripts to run Bash, Python 3, or Zsh for endpoint configurations on macOS devices using Workspace ONE UEM.

Important: Scripts are not permitted to be assigned to Employee-Owned devices for privacy reasons.

Scripts Description

With Scripts, located in the main navigation under Resources, you can push code to macOS devices to do various configuration processes. For example, push a Bash script that changes the device's hostname.

Use Variables in your scripts to protect sensitive static data like passwords and API keys, or use UEM lookup values for dynamic data such as device ID and user name. You can also make this code available to your macOS users so they can run it on their devices when needed. Make code available by integrating the Workspace ONE Intelligent Hub with Scripts so that users can access the code in the Apps area of the catalog.

Note: If you are publishing scripts to less than 2000 (default value) devices, the devices are notified immediately to fetch the resource. However, if the smart groups assigned have more than 2000 devices, then the devices will receive the resource the next time the devices checks-in with Workspace ONE UEM console.

How Do You Know Your Scripts Are Successful?

You can find out if Scripts ran successfully using the Scripts tab in a device's Device Details page. In the Workspace ONE UEM console, go to the applicable organization group, select Devices > List View, and choose an applicable device. On the Scripts tab, look in the Status column for an Executed or Failed status. Statuses depend on the exit code (also known as error code or return code).

Executed - Workspace ONE UEM displays this status after the exit code returns a 0.
Failed- Workspace ONE UEM displays this status after the exit code returns any value that is not a 0.

Create a Script for macOS Devices

Scripts for macOS managed by Workspace ONE UEM supports using Bash, Python 3, or Zsh to run code on end user devices. Integrate Scripts with the Workspace ONE Intelligent Hub for macOS and enable self-service to Scripts for your users.

Note:

Scripts functionality requires Intelligent Hub 20.10 and Workflow Engine 20.10 for macOS.

In the Workspace ONE UEM console, navigate to Resources > Scripts > Add.
Select macOS.

Configure the script settings for the Generaltab.

Settings	Description
Name	Enter a name for the script
Description	Enter a description for the script
App Catalog customization(Optional)	Enable offering self-service access to Scripts in the Workspace ONE Intelligent Hub catalog. Display Name - Enter the name that users see in the catalog. Display Description - Enter a brief description of what the script does. Icon- Upload an icon for the script. Category - Select a category for the script. Categories help users filter apps in the catalog. Although you have completed the settings for the script in the catalog, there is another configuration to set to display your script in the Workspace ONE Intelligent Hub. When you assign the script to devices, enable the Show in Hub menu item or these customizations do not display in the catalog.

Click Next.

Configure the script settings for the Details tab.

Settings	Description
Language	Enter the scripting language. Select either Bash, Python 3 or Zsh.
Execution Context	This setting controls whether the script runs in the user or system context.
Timeout	In case the script gets looped or is unresponsive for some reason, enter a length of time in seconds for the system to run the script and then stop.
Code	Upload a script or write your own in the text box provided.

Click Next.
In the Variables tab, configure key and value pairs to be accessible in the scripting environment:

Add static values, such as API keys, service account names or password by providing the key and the value of the variable. Or, add dynamic UEM lookup values such as \{enrollmentuser\} by providing a key name and then selecting the lookup value icon. To use variables in a Bash/Zsh script, reference the variable directly by name using $myvariable. To use variables in a Python 3 script, you must first import the os module, then use the getenv method like os.getenv$'myvariable'$.

For instance, if the variable definition has a key named SystemAccount and a value of admin01, the script can assign the variable to a script-variable, named account as shown below:
```
Bash/Zsh

$account = $SystemAccount

Python 3

import os

account=os.getenv('SystemAccount')
```
Click Save.

You have successfully created a Script.

What to do next:

After creating Scripts, you can assign it to smart groups.

To assign the script to a smart group, select a script from the Scripts page, and click Assign.
Click New Assignment and enter Assignment Name and select the smart group. Click Next.

In the Deployment page, select any of the following triggers:

Settings	Description
Run Periodically	Run the script at a scheduled time. Enter the schedule for every 4/6/8/12 hours.
Run Once Immediately	Run the script on all currently enrolled assigned devices automatically. Run the script immediately after a device is enrolled.
Login	Run the script at login.
Logout	Run the script at logout.
Startup	Run the script at startup.
Network Change	Run the script at the occurrence of network changes.

Enable Show In Hub (optional) to show your App Catalog Customization settings for the script in the Workspace ONE Intelligent Hub. You can deactivate this option to hide a script from assigned smart groups in the catalog.
Click Save.

You have successfully assigned a Script to a smart group and added triggers.

View Scripts in Device Details

Navigate to the Scripts tab in a device's Device Details to view the execution status of your Scripts.

Navigate to Device> Details View > Scripts.
In the list you can view name of the script, last execution time, status, and log details.