Distribution & Pre-configuration via MDM

When deploying the Twingate Client to employees via an MDM solution, there are two tasks that can be automated:

• Installing the Twingate Client application. The macOS Twingate Client is available as a standalone app or for free on the Mac App Store. The iOS Twingate Client is available for free on the App Store. MDM solutions allow distribution of public apps.
• Pre-configuring your network name (eg. autoco.twingate.com), so that employees do not need to enter this on initial setup. This eliminates all configuration for the user.

MDM Configuration Guides

The following guides are available for specific MDM applications:

• VMWare Workspace ONE
• Kandji
• Jamf

Distribute Twingate using Apple Business Manager

Formerly known as VPP (Volume Purchasing Program), Apple Business Manager (ABM) allows companies to distribute App Store and Mac App Store apps to managed devices without required employees to sign in using their own Apple ID.

If employee devices are managed by your company, or your users do not have Apple IDs configured on their devices, you can distribute Twingate using a mobile device management (MDM) solution like JAMF or VMWare Workspace ONE.

Twingate is a free app available on the Mac App Store and App Store, however in order to distribute it via an MDM solution, you must “purchase” seats for the Twingate app before they can be distributed via your company’s MDM solution. You’ll need to go through the following steps:

1. Sign in to Apple Business Manager (user guide) with your company’s central Apple ID account.

2. Search for “Twingate”, and select the number of seats you wish to provision. There is no cost involved.

3. The Twingate app and the number of unallocated seats will be visible in your MDM solution, allowing you to install the app on managed devices without users needing to sign in using their personal Apple ID.

Twingate Network Pre-configuration

When the Twingate macOS Client application starts for the first time, we look for an Apple property list (.plist) file in specific locations to configure one or both of the following settings:

• A pre-configured Twingate network subdomain (eg. autoco from autoco.twingate.com). This avoids users needing to enter your Twingate network address on first run.
• Whether the Twingate Client should start at login. This prevents users from needing to launch Twingate after signing into the device.
• (Standalone only) Whether the Twingate Client should automatically check for updates.

You can configure your MDM solution to push the plist file below to either of the following locations:

/Library/Preferences/com.twingate.macos.plist

/Library/Managed Preferences/com.twingate.macos.plist

If property list files are found in both locations, the file in /Library/Managed Preferences will take priority.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>startAtLogin</key>
    <true/>
    <key>network</key>
    <string>autoco</string>
    <key>SUEnableAutomaticChecks</key>
    <false/>
</dict>
</plist>

In the example above, ”autoco” would be replaced with the name of your Twingate network subdomain and the Twingate Client will start at device login.