Workbrew Deployment Guide: Mosyle Business

Outcomes

By the end of this deployment guide you will:

• Understand the available mechanisms to deploy Workbrew through Mosyle Business,

• Configure Mosyle Business to allow Workbrew to manage your fleet's Homebrew installations,

• Be ready to deploy Workbrew to your devices.

Pre-requisites

Before you begin following this guide, you should:

• Have access to a Mosyle Business instance,

  • with user privileges to:

    • Create API integration tokens (Organization > Integrations),

    • Create and manage Custom Commands,

    • Create and manage Install PKG profiles,

    • Manage device group assignments.

• A Workbrew workspace:

  • New to Workbrew? Create a free account and follow the Getting Started guide.

• Be aware of the system requirements for Workbrew (and Homebrew):

  • Everything Homebrew requires:

    • An Apple Silicon CPU or 64-bit Intel CPU.

    • macOS Ventura (13) (or higher) installed on officially supported hardware.

    • The Bourne-again shell for installation (i.e. bash).

    • Don't worry about the Command Line Tools (CLT) for Xcode requirement, Xcode CLT will be installed as part of deployment.

  • Device enrolled in Mosyle Business.

  • User account in the admin group or in the workbrew_users group

---

Quickstart

Are you an experienced Mosyle administrator? These steps will get you up and going quickly. Read on for more detailed explanations.

1. In Mosyle Business, navigate to Organization > Integrations > Mosyle API Integration and create a new API token. Save the Access Token. You will also need the email and password of an admin account with API access.

2. In the Workbrew console, enter the workspace settings and select Mosyle as the MDM Type. Enter your Mosyle Account Email, Access Token, and Account Password, and then save the Workbrew Workspace API key and installation script.

3. In Mosyle Business, add the Workbrew Workspace API key and installation script as a new Custom Command. Under Execution Settings, set Execute command: to run immediately upon assignment for your devices.

Important: The installation script must run and complete successfully before the next step. Mosyle Business has no built-in way of enforcing the order in which Custom Commands run and Install PKG profiles are applied. We recommend you add the installation script and ensure all devices have successfully run it before deploying the Workbrew .pkg.

4. In Mosyle Business, add the Workbrew .pkg as a new package in Install PKG, and create a profile to deploy it to your devices.

5. In the Workbrew console, after deployment to a device, check Devices to ensure the expected device appears (please be aware that device inventory is updated periodically, not in real time).

6. If needed, check the Troubleshooting guide and FAQ or contact us for support.

---

Deployment Overview

Workbrew is installed using a signed .pkg file, which installs several components:

• The Workbrew agent.

• The Secure Workbrew CLI, a wrapper around the standard Homebrew CLI.

Before installing the Workbrew .pkg on each device, you must run a (bash) script which connects the Workbrew agent to your Workbrew Console. The script also installs Command Line Tools for Xcode if your devices do not already have it. The Workbrew Console connection wizard will guide you through customization to your install script.

You can deploy the installation script as a Custom Command and the Workbrew .pkg through an Install PKG profile. Mosyle Business has no built-in way of enforcing the order in which Custom Commands run and Install PKG profiles are applied. We recommend you add the installation script and ensure all devices have successfully run it before deploying the Workbrew .pkg.

In brief, you will perform these steps to ready Workbrew for deployment:

• Create a Mosyle API token and note your admin credentials,

• Complete the Workbrew Console connection wizard, adding the API credentials in the process,

• Add the Workbrew setup script as a Custom Command in Mosyle Business,

• Add the Workbrew Package as an Install PKG profile in Mosyle Business,

• Assign both the Custom Command and Install PKG profile to your target devices.

---

Connecting Workbrew

Creating an API Token in Mosyle Business

To populate your Workbrew Console with information about your devices, Workbrew requires API access to your Mosyle Business instance. In this section, you will create an API token and note the admin credentials required for authentication.

In Mosyle Business:

• 1. Click Organization in the top navigation bar.

• 2. In the left sidebar, select Integrations, then select Mosyle API Integration.

• 3. Click Add new token.

• 4. Enter "Workbrew Console API" as the Profile name.

• 5. Under Access Method, leave it set to Public, or choose Restricted by Server IP (Recommended) if your organization requires IP allowlisting.

• 6. Leave the Allow all current and future endpoints checkbox enabled.

• 7. Click Save.

• 8. Copy and securely save the Access Token. It is only displayed once.

In addition to the Access Token, Mosyle API authentication requires admin credentials (an email address and password). We recommend creating a dedicated admin account for this purpose:

• Navigate to Organization > Users & Groups > Administrators.

• Create a new administrator with a descriptive name (e.g., "Workbrew API User").

• Click View Advanced Options, then check Limit user permissions and click Select to create a role with View permissions enabled, plus API Integration permissions (View, Create, Update, Delete).

• Save the email and password of this account for the next step.

Add Mosyle to your Workbrew workspace

The credentials from the previous step will allow Workbrew to read from your Mosyle Business instance using the API. In this section, you will register Mosyle as your MDM of choice within Workbrew.

• From the Workbrew Console, select Settings. Ensure you are in the Workspace tab.

• Under MDM Type, select "Mosyle".

• In the Mosyle Account Email field, enter the email address of the admin account.

• In the Mosyle Access Token field, enter the Access Token generated in the previous section.

• In the Mosyle Account Password field, enter the password of the admin account.

• Click Update Workspace.

• Open Workbrew Workspace API key and installation script, copy the script, and store it for later. This script will run as a Custom Command before the package is installed.

---

Preparing the deployment artifacts

Add the installation script

The Workbrew Workspace API key and installation script saved in the previous step prepares the device for a Workbrew installation, setting environment variables for workspace directories and the Workbrew Workspace API key. It also installs a Homebrew dependency, Command Line Tools for Xcode, using MacOS's softwareupdate utility. In this section, you will add the script to Mosyle Business as a Custom Command.

In Mosyle Business:

• 1. Click Management in the top navigation bar.

• 2. In the left sidebar, select Custom Commands. If it is not listed, click + Activate New Profile Type, search for "Custom Commands", and click Activate.

• 3. Click Add new profile.

• 4. Enter "Workbrew Workspace installation and setup" as the profile name.

• 5. In the Code tab, paste the Workbrew Workspace API key and installation script into the code editor.

• 6. Select the Execution Settings tab. Under Execute command:, select when the command should run:

  • For new devices and devices that are already enrolled, select "Immediately when saving the profile, upon assignment, or based on schedule or events" to run the script on all assigned devices immediately and upon future assignment.

  • If you prefer to trigger the command only on a scheduled basis or via events, select "Only based on schedule or events".

• 7. Assign the Custom Command to the desired devices or device groups.

• 8. Click Save.

Important: The installation script must run and complete successfully before the Workbrew .pkg is installed. Mosyle Business has no built-in way of enforcing the order in which Custom Commands and Install PKG profiles are applied. We recommend you ensure all target devices have successfully run the script before continuing to the next step. You can verify this from the Custom Command's status in the Mosyle Business console.

Add the package

The Workbrew .pkg installs Workbrew, including the agent, CLI, and Homebrew. In this section, you will add the package to Mosyle Business so that it can be distributed to your devices.

Download the package, and then in Mosyle Business:

• 1. Click Management in the top navigation bar.

• 2. In the left sidebar, select Install PKG. If it is not listed, click + Activate New Profile Type, search for "Install PKG", and click Activate.

• 3. Select the PKGs tab.

• 4. Click Add new package.

• 5. Upload the Workbrew .pkg. Ensure the file name does not contain spaces.

• 6. Once the package has been uploaded, select the Profiles tab.

• 7. Click Add new profile.

• 8. Enter "Deploy Workbrew" as the profile name.

• 9. Select the Workbrew package uploaded in the previous step.

• 10. Assign the profile to the same devices or device groups that you assigned the Custom Command to.

• 11. Click Save.

---

Deployment

Once both the Custom Command and Install PKG profile are saved and assigned, Mosyle Business will deploy them to the target devices.

You may want to deploy to one or more test devices first to verify the deployment and ensure devices connect to Workbrew and are visible in the console. Workbrew devices check-in on a periodic basis, so it may take a little while for a new device to appear in your console.

For ongoing management, you can assign additional devices or device groups to both the Custom Command and Install PKG profile from the Management section in Mosyle Business.

---

Support

• Getting Started

• Frequently Asked Questions

• Troubleshooting

• Workbrew Blog

Have suggestions or feedback? Submit a general inquiry here.