Category filter
Custom configuration profile to skip Touch ID setup on macOS devices
While logging into the user account for the first time on a macOS device, the Setup Assistant walks you through a series of steps required to start using the device. Recent MacBook Pro and MacBook Air models have an additional Touch ID setup window as part of their Setup Assistant that prompts users to add a fingerprint, which can then later be used as an authentication mechanism for unlocking the Mac and making purchases with Apple Pay, the iTunes Store, the App Store, and Apple Books. Sometimes, organizations don’t want their employees to set up Touch ID as it becomes harder for them to remove the authentication once the employee leaves the company. In such cases, IT administrators can use a custom configuration profile to skip the Touch ID setup, which can be remotely deployed to multiple enrolled macOS devices using Hexnode’s Deploy Custom Configuration feature.
- This configuration profile is supported on macOS 10.12 and later devices enrolled in Hexnode.
The configuration profile provided below is adapted from a third-party open-source site.
Configuration profile to skip Touch ID setup window
The SkipTouchIDSetup key in the device management profile can have boolean values, true or false, to skip or not skip the Touch ID setup window. By default, the key value is false.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadDescription</key> <string>Configures Setup Assistant settings</string> <key>PayloadDisplayName</key> <string>Setup Assistant</string> <key>PayloadIdentifier</key> <string>com.company.skiptouchidsetup</string> <key>PayloadOrganization</key> <string></string> <key>PayloadType</key> <string>com.apple.SetupAssistant.managed</string> <key>PayloadUUID</key> <string>4CVN134B-6623-12F3-FF09-2132260HL2KA</string> <key>PayloadVersion</key> <integer>1</integer> <key>SkipTouchIDSetup</key> <true/> </dict> </array> <key>PayloadDescription</key> <string>Skips the Touch ID Setup pop-up window</string> <key>PayloadDisplayName</key> <string>Skip Touch ID Setup</string> <key>PayloadIdentifier</key> <string>com.company.configure</string> <key>PayloadOrganization</key> <string>Company Name</string> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>4556D358-H9K4-11F2-2167-362989F2894O</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist> |
What happens at the device end?
Once the policy and custom configuration are associated, the Touch ID pop-up window is disabled in the Setup Assistant screen for all accounts on the device.
- To create and customize configuration profiles, you can use tools like Apple Configurator, Profile Manager or manually create them using text editors.
- Use non-encrypted .mobileconfig, .xml, or plist files to deploy profiles across devices.
- Ensure that you do not associate conflicting configurations with the devices.
- Use wildcards to fetch key values from the portal.
- It is recommended to manually validate the configuration profile execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the configuration profile.
