Skip to main content

Mosyle

Deploying WhatPulse Professional with Mosyle

Mosyle Business (and Mosyle Fuse for MSPs) is a cloud-based Apple MDM platform that provides device management, app deployment, and security compliance for macOS (as well as iOS/iPadOS). With Mosyle, you can push custom PKG installers to Macs, execute scripts (Custom Commands), and install configuration profiles. In this guide, we'll deploy the WhatPulse Professional client to macOS devices using Mosyle's Install PKG feature and a custom script for the org activation, ensuring a silent and automated installation.

Prerequisites

  • Mosyle Admin Access: You must have a Mosyle Business account with admin privileges. Ensure your target Macs are enrolled in Mosyle and appear in the Mosyle dashboard (with the Mosyle agent/profile installed).
  • WhatPulse Installer (.pkg): Download the latest WhatPulse Professional .pkg installer for macOS from the WhatPulse downloads page. Mosyle's app installation mechanism works with signed .pkg files.
  • Organization ID and Files: Have your WhatPulse Organization ID available. We'll use Mosyle's scripting to create the required org ID file on each Mac. Also, consider preparing a configuration profile for WhatPulse's permissions.

Deployment Steps

  1. Upload the WhatPulse PKG to Mosyle: In the Mosyle admin portal:
    • Navigate to the Management section (left-hand menu).
    • Select Install PKG from the list of deployment options (this is where you add custom macOS packages for installation).
    • Click the PKGs tab if not already there, and then click Add new package.
    • In the package upload form, give the package a name (e.g., "WhatPulse Professional") and description if desired.
    • Upload the WhatPulse .pkg file by clicking the upload button and selecting the file. Mosyle will upload and scan the package.
    • Optionally, you can choose the Install Criteria (like "only if device is on macOS 11+", etc.) and whether to Force Restart (WhatPulse doesn't require a restart after install, so you can typically leave that off).
    • Save/Upload the package. After saving, the package will appear in your list of custom packages.
  2. Assign the PKG to Devices: After uploading, you need to deploy the package via an Installation Profile:
    • Still under Install PKG, find your "WhatPulse Professional" package listing. Click on Scope or Install/Assign (the interface may prompt you to assign if it's new).
    • Choose the target devices or a device Group/Profile. For example, you might select a Smart Group containing all Mac computers, or manually select specific devices.
    • Set the Execution timing. Mosyle gives options like "Install ASAP", "Install at next check-in", or scheduling a specific time. For immediate deployment, choose to install as soon as devices are online.
    • If Mosyle asks for a trigger (some MDMs call it on enrollment or on schedule), select the appropriate option (often, simply adding to scope with ASAP will push it right away).
    • Save or Apply this assignment. Now Mosyle will push the WhatPulse package to all scoped devices. On each Mac, the Mosyle agent will download the PKG from Mosyle's cloud and execute it silently.
  3. Deploy the Org ID File via Custom Command: To automate client registration, use Mosyle's Custom Commands (shell scripts) feature:
    • In the Mosyle dashboard, go to Management > Scripts (or Custom Commands) for macOS.
    • Add a New Custom Command for macOS. Give it a title like "Create WhatPulse Org ID file".
    • In the script editor, enter a Bash script that will create the file. For example:
#!/bin/bash
ORG_ID="<Your Organization ID>"
/usr/bin/printf "%s" "$ORG_ID" > "/Applications/WhatPulse/wp-pro-org-id.txt"

This script will run on the Mac and write your org ID into the proper file. We use printf to avoid any formatting issues (you could also use echo). Replace <Your Organization ID> with the exact org name or ID string (keeping quotes if there are spaces).

  • Under Execution Frequency, choose Once per device (we only need to do this one time after installation). Ensure it's set to run as root/System (Mosyle runs custom commands as root by default).
  • Scope the command to the same set of devices that receive the WhatPulse install. (For example, if you deployed the PKG to "All Macs", then scope this script to All Macs as well. Or use the same group.)
  • Add a Condition (optional): You might add a simple condition to ensure the script runs only after WhatPulse is installed. For instance, a condition script could check if /Applications/WhatPulse/WhatPulse.app exists before creating the file:
if [ -d "/Applications/WhatPulse.app" ] || [ -d "/Applications/WhatPulse" ]; then
    exit 0  # condition met, proceed
else
    exit 1  # condition not met, retry later
fi

Mosyle allows a separate condition script; the above ensures the org ID file is created only if the app folder exists. This prevents the command from running too early.

  • Save the custom command. Mosyle will now queue this script for execution. Typically, if you added a condition, it will retry until the condition is true (i.e., after the app gets installed).
  1. Configure Privacy Permissions (PPPC Profile): To suppress permission prompts for Accessibility and Input Monitoring:
    • Go to Management > Profiles & Certificates in Mosyle (or the area to add configuration profiles).
    • Click to Add Profile and select macOS. Within the profile settings, look for an option for Privacy Preferences or Custom Profile. If Mosyle has a built-in template for PPPC, use it. Otherwise, you can upload a custom .mobileconfig.
    • If using Mosyle's UI: Add a Privacy Preferences payload. Enter the Bundle ID for WhatPulse (com.whatpulse.mac) and the Team ID. Then specify granting of Accessibility = Allow and Input Monitoring = Allow to this app.
    • If uploading a profile: You can create a PPPC profile using Apple's Profile Creator or PPPC Utility with the same settings and upload it.
    • Scope this profile to the target devices as well (e.g., All Macs or the specific group). Save and push the profile.
    • Once deployed, this ensures that when WhatPulse launches on the client, macOS will not prompt the user; the permissions are pre-granted by the MDM.
  2. Deployment and Timing: The order of operations via Mosyle will generally be:
    • The Install PKG profile pushes the WhatPulse package. Devices will receive and execute the install silently (users typically won't notice anything aside from perhaps increased network usage during download).
    • The Custom Command, if scoped, might run slightly before or after the install depending on timing. With the condition in place, it will wait until the app exists, then drop the org file. If no condition script was set, Mosyle might execute it around the same time; even if it runs before installation, the script would simply create the path (or fail if the directory doesn't exist). By including a check or by scheduling the script to run after a short delay, you ensure the file is created after install.
    • The PPPC profile can be installed anytime (even prior to app installation). As long as it's in place by the time WhatPulse first tries to request permissions (which is on first launch), the app will be allowed.
  3. Verification:
    • In the Mosyle dashboard, check the Device List or Management section for the status of the Install PKG command. You should see each target device marked with a status (e.g., "Installed" or a green check) for the WhatPulse package. Mosyle might show a log under Install PKG for successes or any failures.
    • Likewise, check the Custom Commands section to see the execution results of your org ID script. Mosyle provides output logs per device; a successful run (exit code 0) indicates the script executed. If you included the printf command, there might not be much output unless you add an echo like "Org ID file created" for confirmation. If a device hasn't run it yet, it could be queued until the app is present (if you set that condition).
    • On a sample Mac, verify:
      • Installation: WhatPulse is present in /Applications (the app bundle "WhatPulse.app" inside the WhatPulse folder). The version should match the one you deployed.
      • Org File: The file /Applications/WhatPulse/wp-pro-org-id.txt exists and contains your org ID. (Open it in a text editor or use cat to confirm the contents.)
      • Permissions: In System Preferences (System Settings) > Privacy & Security > Accessibility, WhatPulse should be listed and checked as allowed. Similarly for Input Monitoring. If the PPPC profile worked, these will be pre-allowed (gray-locked indicating managed by MDM). If not, the user would get a prompt on app launch.
      • Auto-launch: WhatPulse by default might start at login. You can log out and back in to see if it auto-starts (check for the WhatPulse icon in the menu bar). If it doesn't auto-start, you can manually launch it to test functionality.
    • WhatPulse Dashboard: Log in to your WhatPulse Professional web dashboard. All devices that installed the app and received the org ID should appear under Pending Computers for your organization. This means they have successfully registered. If some do not appear, those might have missed the org ID file creation – check those devices for the file or rerun the custom command on them.
    • Once you activate/approve the pending computers in the dashboard, they will start sending data. You can then verify on the client that stats are being recorded (keystrokes increment, etc., assuming permissions are granted).
  4. Cleanup and Maintenance:
    • After confirming deployment, you might choose to remove the custom command from repeating (since it was once per device, it won't run again on the same device unless you reset it). Mosyle typically automatically won't re-run a once script on the same device.
    • The Install PKG profile can remain in place if new devices join that group – they'll get WhatPulse upon enrollment automatically (a nice onboarding benefit). If you only wanted a one-time push, you could later remove that profile, but usually it's fine to leave it so that any future device in that scope also gets the software.
    • Mosyle will handle keeping the app installed if you mark the installation as required. If a user removes WhatPulse, Mosyle can re-push it (depending on settings "Install PKG once" vs "always"). Typically, Mosyle's default is to enforce it at least once; to re-enforce, you might have to re-scope or use a different mechanism.

By using Mosyle's package deployment and scripting, we achieved a zero-touch installation of WhatPulse. The combination of the PKG installation and the follow-up org ID script is crucial – you generally need the pkg, plus a script for these kinds of deployments (and a PPPC profile for permissions). After deployment, each Mac is running WhatPulse and automatically appears in your org dashboard, with no user action required. All that's left is for an admin to activate the new clients in WhatPulse Pro. From then on, stats gathering is automatic, and any future updates to WhatPulse could be deployed similarly via Mosyle by uploading a new PKG and using the same org file (which will already exist from this initial setup).