When deploying the Twingate Client to employees via an MDM solution, there are two tasks that can be automated:
- Installing the Twingate Client application. For macOS and iOS, the Twingate Client app is available for free on the Mac App Store and App Store. MDM solutions allow distribution of public apps.
- Pre-configuring your network name (eg.
autoco.twingate.com), so that employees do not need to enter this on initial setup. This eliminates all configuration for the user.
Instructions are included below for the following MDM solutions:
- VMWare Workspace ONE
- JAMF (step-by-step instructions coming soon!)
- Fleetsmith (step-by-step instructions coming soon!)
- KACE (step-by-step instructions coming soon!)
Formerly known as VPP (Volume Purchasing Program), Apple Business Manager (ABM) allows companies to distribute App Store and Mac App Store apps to managed devices without required employees to sign in using their own Apple ID.
If employee devices are managed by your company, or your users do not have Apple IDs configured on their devices, you can distribute Twingate using a mobile device management (MDM) solution like JAMF, Fleetsmith, VMWare Workspace ONE, or KACE.
Twingate is a free app available on the Mac App Store and App Store, however in order to distribute it via an MDM solution, you must "purchase" seats for the Twingate app before they can be distributed via your company's MDM solution. You'll need to go through the following steps:
- Sign in to Apple Business Manager (user guide) with your company's central Apple ID account.
- Search for "Twingate" and select the number of seats you wish to provision. There is no cost involved.
- The Twingate app and the number of unallocated seats will be visible in your MDM solution, allowing you to install the app on managed devices without users needing to sign in using their personal Apple ID.
To configure Workspace ONE to distribute native apps from the Mac App Store and App Store, you'll need to go through the following configuration steps from the Workspace ONE admin console:
- Connect Workspace ONE to Apple Business Manager (ABM). After following the steps above to allocate app seats in ABM, you need to connect Workspace ONE to your ABM account. Go to Settings > Apple (under Devices & Users) > VPP Managed Distribution. From here, follow the guided steps to link to your ABM account. Ensure that "Automatically Send Invites" is unchecked. When you are done, your configuration should appear similar to the screenshot below:
- Enabled device assignment. To prevent users from being required to use their personal Apple ID to accept app assignments, you must change the default deployment method to enable device assignment. Navigate to Applications > Native > Purchased and select one of the Twingate apps if you are assigning both iOS and macOS apps. From More Actions select Enable Device Assignment.
- Enable automatic updates. We recommend enabling automatic updates. You can do this by selecting both apps, and choosing Enable Auto Updates from the More Actions menu.
In order to distribute the Twingate macOS and iOS Clients with Kandji, you first need to add the Twingate Apps to Apple Business Manager. Once done:
- Connect to Kandji
- Select Library
- Find the Twingate Client app (for macOS and/or iOS) and select it. You should now be able to deploy the app to devices.
When the Twingate macOS Client application starts for the first time, we look for an Apple property list (
.plist) file in specific locations to configure one or both of the following settings:
- A pre-configured Twingate network subdomain (eg.
autoco.twingate.com). This avoids users needing to enter your Twingate network address on first run.
- Whether the Twingate client should start at login. This prevents users from needing to launch Twingate after signing into the device.
You can configure your MDM solution to push the plist file below to either of the following locations:
If property list files are found in both locations, the file in
/Library/Managed Preferences will take priority.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>startAtLogin</key> <true/> <key>network</key> <string>autoco</string> </dict> </plist>
In the example above, "
autoco" would be replaced with the name of your Twingate network subdomain and the Twingate Client will start at device login.
Updated about 1 month ago