Description
This article provides steps on configuring a Safelist and Blocklist profile for macOS.
Safelisting an app: allows end users to access the application.
Blocklisting an app: restricts end user access to the application.
Please note that blocklisting an app on macOS still shows the application, but end users are unable to use it once they click into it. They will see:
Note: Blocking and allowing applications by their file path is deprecated by Apple (Apple Payload Documentation). While this still works for many devices on a variety of macOS versions, this functionality is not guaranteed and may cease working at any point.
Creating Your Safelist and Blocklist Profile
In Jamf School go to Profiles > Overview and click Create Profile.
Select macOS and Device Enrollment and click Next.
Name the profile and click Next. Click Finish.
Click the Safelist and Blocklist payload and click Configure.
Configure the desired settings by using one of the options below:
To allow apps: use the "Bundle IDs of allowed applications" or "Paths to allowed applications" section.
To restrict app access: use the "Paths to disallowed applications" field.
If you need assistance finding the bundle ID or file path when configuring the profile:
To determine an application's bundle ID: Open Terminal and run the following command:
codesign -dr - /path/to/yourapp.app
For example, the output for codesign -dr - "/Applications/Brave Browser.app" is:
Executable=/System/Volumes/Data/Applications/Brave Browser.app/Contents/MacOS/Brave Browser
designated => identifier "com.brave.Browser" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */
Based on the output, the bundle ID is: "com.brave.Browser"
To find an application's file path: Drag and drop the application into Terminal, which will output the file path, or follow the steps in Show the path to file or folder.
Click Scope and use the + button to add desired device groups to scope.
Click Save.
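The bundle ID lookup from the steps above, scripted for several apps at once so the results can be pasted into the "Bundle IDs of allowed applications" field. This is an added example, not Jamf's own tooling; the function names are hypothetical, and it treats the identifier in the codesign output as the bundle ID, as the article does.

```shell
#!/bin/sh
# Added example: collect identifiers for the "Bundle IDs of allowed
# applications" field from `codesign -dr -` output.

# Sample output copied from the article (signed app).
SAMPLE_SIGNED='Executable=/System/Volumes/Data/Applications/Brave Browser.app/Contents/MacOS/Brave Browser
designated => identifier "com.brave.Browser" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */'

# Constructed sample: what codesign reports for an unsigned bundle
# (the path is hypothetical).
SAMPLE_UNSIGNED='/Applications/Example.app: code object is not signed at all'

# Read codesign output on stdin and print the first quoted identifier on the
# "designated =>" line. Fails (status 1) when there is none.
bundle_id_from_codesign() {
    id=$(grep 'designated => ' | grep -o 'identifier "[^"]*"' | head -n 1 | cut -d'"' -f2)
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# For each app path, print "identifier<TAB>path"; name apps with no usable
# identifier on stderr so they are not silently left off the list.
list_bundle_ids() {
    rc=0
    for app in "$@"; do
        if found=$(codesign -dr - "$app" 2>&1 | bundle_id_from_codesign); then
            printf '%s\t%s\n' "$found" "$app"
        else
            printf 'no signing identifier: %s\n' "$app" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run against the app paths given on the command line (macOS only).
if [ "$#" -gt 0 ]; then
    list_bundle_ids "$@"
fi
```

Apps reported on stderr are unsigned or unreadable, so they have no identifier to enter in the bundle ID field.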