This article guides you through the process of remotely deploying Insightful onto multiple macOS devices without your employees noticing. We'll cover the creation of necessary configuration profile settings to ensure that all permissions are set in advance.
If you wish to install Insightful directly on your employees' devices or let them do that by themselves, please check out our article on Company Computer installation steps for MacOS.
A Configuration profile is a settings file used to configure devices. It allows administrators to remotely control various settings and features of the device, such as Wi-Fi networks, email accounts, security settings, and app permissions.
Before remotely deploying the Insightful desktop app there are three permissions required for the application to operate:
Accessibility (mandatory)
Automation (mandatory)
Screen&System Audio Recording (optional but if you want to use screenshots/screen recording features - mandatory)
Enabling these permissions remotely when deploying the Insightful app via the MDM is achieved using Configuration profiles that can be requested from our Support team by answering questions from this section or configuring by yourself.
For each of these permissions, we'll provide a brief explanation of its purpose and how configuration profiles can be used to enable them remotely without requiring manual user intervention.
Accessibility
Purpose: Essential for core functionality and enables Insightful to operate within all other applications.
It can be found by navigating to System & Privacy → Privacy → Accessibility where the Workpuls should be added to the list and enabled:
When Insightful is deployed remotely using a configuration profile, the necessary permission will be automatically granted, ensuring that Workpuls is enabled without the following prompt requiring additional user action:
Automation
Purpose: Enables Insightful to capture browser URLs.
It can be found by navigating to System & Privacy → Privacy → Automation where the Workpuls should be added to the list and browsers enabled:
When Insightful is running on a user's device, and when they open a browser, they will be prompted to permit Automation if they have not already done so. Enabling this permission remotely using a configuration profile will suppress any prompts.
Screen&System Audio Recording
Purpose: Enables Insightful to capture screenshots and screen recordings.
It can be found by navigating to System & Privacy → Privacy → Screen Recording where the Workpuls should be added to the list:
Users will be prompted to allow Screen Recording access when Insightful attempts to capture a screenshot or start recording for the first time (screenshot below), in case the permission is not already allowed.
Important: Enabling this permission via a configuration profile will automatically add Workpuls to the list of allowed apps and suppress the initial prompt shown above. However, users will still need to manually confirm the necessary permissions in System Preferences → Security & Privacy → Screen Recording due to macOS’ security restrictions.
MacOS Sequoia 15 or the latest versions
With the release of macOS Sequoia (version 15+), users will encounter prompts to grant or renew screen recording permissions while using Insightful every 30 days. These prompts arise due to Apple’s new security protocols, which limit the duration of screen recording permissions.
The configuration profile we will send you will include a setting for disabling these prompts ensuring that the screen recording permission is always allowed:
If you want to suppress these prompts by yourself, you can enable the "forceBypassScreenCaptureAlert" key in your configuration profile.
Disabling background items prompt
When the Insightful desktop app is installed on the device, Background items have been added prompt will appear in the top-right corner of the desktop. Additional configuration can be sent to address this prompt as well.
! Important: If this setting is applied it will suppress this prompt from all other applications as well.
Configuration profile for your organization
To ensure we provide the most suitable configuration profile for your needs, please answer these brief questions and send your response to support@insightful.io:
Do you use Visible or Stealth visibility mode?
Do you use the Screenshots or Screen Recording feature?
Which browser does your team utilize?
Do you want us to disable the Background items added prompt?
Which MDM tool do you use?
To learn more about the required macOS permissions for Insightful to function properly and how to manage and monitor these permissions for individual employees and the organization, please visit article: Permissions Visibility for macOS.
If you are using any other browser than Google Chrome or Safari, please use the following instructions from How the obtain the bundle ID section to obtain and send us this necessary information we will use to customize your configuration profile.
We can also provide you with a configuration profile that includes Accessibility and Screen&System Audio Recording and you can add Automation permission yourself.
If you are using the Jamf Pro MDM tool, you will be able to edit it and add permissions for the browsers your team utilizes by following instructions from Jamf Pro Deployment Instructions.
How to obtain the browser’s bundle ID
A Bundle ID is a unique string of characters that identifies an application on a specific platform. It is necessary for the configuration profile if you are using any browser other than Google Chrome or Safari.
To ensure Insightful can track browser activity by including Automation permission to your configuration profile, you must obtain the Bundle Identifier and Receiver Code Requirement for each desired browser you use.
To find this information, ensure the desired browser is installed on your PC, then open Terminal and insert the following command with the path to the browser:
codesign -dr - path/to/App
You will get an output similar to the one in this example. Please make sure that you copy ONLY the highlighted area:
If you want us to customize the configuration profile to include your specific browser, please provide us with the copied output.
Additional notes
Applying our default configuration profile and additional settings for removing background prompts will remove any prompts from Workpuls appearing on a device.
All these permissions can be applied even before the Insightful app is installed, they are deployed as soon as pushed.