Liftoff

By Joe Wyatt-Borner

Learn how to configure and use Liftoff in your enrollment workflows

We encourage customers to duplicate their existing Blueprints and create a testing Blueprint to fully validate Liftoff against their current workflows. Custom scripts, apps, etc., that may wait on user input will potentially be blocked from view and cause Liftoff to hang until the agent check-in times out. 

When Does the macOS Agent Run Parameters with Liftoff?

  • If no Liftoff configuration exists in the Blueprint, the macOS agent will run all the Parameters and then all the Library Items in the Blueprint.
  • If there is a Liftoff configuration within the Blueprint, the macOS agent will run all the Library Items in the Blueprint and then run all the Parameters in the Blueprint.

When Does Liftoff Launch on a Mac?

Liftoff has logic to determine when it should launch on a Mac. The current logic flow is described below. For a new Mac enrolling via Automated Device Enrollment, Liftoff should launch immediately after the macOS Setup Assistant ends and the user is logged in. Liftoff supports Automated Device Enrollment workflows in which a user is automatically provisioned as the Auto Admin account. 

  • If no Liftoff configuration exists in the Blueprint, the macOS agent will record that Liftoff was not eligible and will not attempt to retrieve the configuration again.
  • If there is a Liftoff configuration within the Blueprint, the details will be retrieved.
    • If the enrollment trigger is set to Automated Device Enrollment only or to Manual Device Enrollment only, the agent will evaluate the Mac computer's enrollment type. If the device's enrollment type does not meet the criteria, the macOS agent will record that Liftoff was not eligible and will not attempt to retrieve the configuration again.
    • If All Enrollments are specified, the agent will not evaluate the enrollment type.
  • If the enrollment criteria make the computer eligible to run Liftoff, the time period in which the computer has been enrolled will be evaluated.
    • If the length of time of the Mac computer's enrollment is more than 1 hour, the macOS agent will record that Liftoff was not eligible and will not attempt to retrieve the configuration again.
  • If all criteria to run Liftoff are met, the macOS agent will then load the LaunchAgent that will launch Liftoff and begin an initial check-in.

Exit Password

Liftoff has an exit password that can be used when Liftoff is in Full Screen or Window mode. In either case, the exit password can be used in the following scenarios: 

  • The exit password can be used to unlock Full screen mode, allowing for troubleshooting if Library Items are not installing as intended. This is only applicable when using Full screen mode.
  • The exit password can be used to quit the app prior to the agent run completing through the Menu bar; this additionally unloads the launch agent.
    • This can be done after using the exit password to release Liftoff from Full Screen or Window mode. Window mode initially does not allow an early exit or show the Quit option in the menu bar.
  • To open the Exit Password prompt, press these keys simultaneously: Command-Shift-K-J-D.

Required Restarts

If single or multiple Library Items require a restart—such as a Custom App or Custom Script with the "Require restart" option enabled—all restart requests will be collated and held until the end of the Liftoff run. When a Library Item that is installed through Liftoff requires a restart, the restart timer will always be 5 minutes instead of the typical 30-minute countdown. 

What Liftoff Shows

Liftoff does not change how a Mac computer's initial agent check-in works after enrollment. It displays information about the check-in that would typically be visible only via the Kandji web app or the Command Line Utility; it gives users visibility into what is being set up on their Mac. Liftoff shows the following Library Item types:

  • Custom Scripts
  • Custom Printers
  • Custom Apps
  • Auto Apps

Managed OS

Managed OS settings will not be applied during Liftoff. Instead, after Liftoff has completed, the device will begin to cache the update in the background. Once the update is ready to install the user will be alerted.

For Automated Device enrollments, you can also Require a Minimum OS for eligible devices.

Configure Liftoff

To add Liftoff to a Blueprint, create a new Liftoff Library Item by selecting it from the Add Library Item page (Library > Add New). Like Automated Device Enrollment, you can only have a single Liftoff Library Item per Blueprint.

  1. Give your Liftoff configuration a Name.
  2. Assign the Liftoff configuration to your desired Blueprint.

  3. Select your Enrollment trigger; the available options include:
    • All enrollments: Liftoff will be presented regardless of enrollment type.
    • Automated Device Enrollment only: Liftoff will only be presented to devices enrolled via Automated Device Enrollment.
    • Manual enrollment only: Liftoff will only be presented to devices enrolled via Manual device enrollment.
  4. Upload a Logo—a graphic that will appear in the upper-left corner of Liftoff. This is optional. The default image is for light mode.
    • If you also wish to include an icon for dark mode, select Add Dark mode logo after uploading your light mode logo. This icon will be used instead of the main logo when the user enables Dark Mode.
  5. Select a Display mode. We recommend using Window mode for initial testing for easy troubleshooting. Your display mode options are:
    1. Full screen: Liftoff will be presented in Full screen mode and will prevent the use of the Mac until the initial agent check-in is completed. You can use the exit password to exit Liftoff early. 
    2. Window: Liftoff will be presented in windowed mode. This will not prevent the use of the Mac, but Liftoff will be locked to the forefront. You can use the exit password to exit Liftoff early.
  6. An Exit password is automatically generated. Learn how to use the exit password above. 
  7. Clicking Generate new password and clicking Save will replace the existing exit password. A replaced exit password is not logged.
  8. Customize the Install screen header and subheader; see the Customize the Install Screen section below.
  9. Switch between Light Mode and Dark Mode previews.
  10. Customize the Help screen header and body; see the Customize the Help Screen section below.
  11. Switch between Light Mode and Dark Mode previews.
  12. You can optionally turn off the Complete screen. If the Complete screen is not enabled, Liftoff will exit after completion. 
  13. Customize the Complete screen header, subheader, and cards. See the Customize the Complete Screen section below.
  14. Switch between Light Mode and Dark Mode previews.
  15. Click Save when you are satisfied with your Liftoff configuration.

Customize the Install Screen

The Install screen's header and subheader can be customized. As you update the text on the right side of the window, the preview on the left is automatically updated to provide a preview of how it will be displayed for your users.

  1. Specify a Header for the Install screen. 
  2. Specify a Subheader for the Install screen. 
  3. You can restore the default text provided by clicking Restore defaults.
  4. Click Done when you are finished with your customizations. The preview in the web app will update, reflecting your changes.

Customize the Help Screen

The Help screen's header and subheader can be customized. Note that as you update the text on the right side of the window, the preview on the left is automatically updated to provide a preview of how it will be displayed for your users.

  1. Specify a Header for the Help screen. 
  2. Specify a Body for the Help screen. 
  3. You can restore the default text provided by clicking Restore defaults.
  4. Click Done when you are finished with your customizations. The preview in the web app will update, reflecting your changes.

Customize the Complete Screen

The Complete screen's header and subheader can be customized. Note that as you update the text on the right side of the window, the preview on the left is automatically updated to provide a preview of how it will be displayed for your users.

  1. Specify a Header for the Complete screen. 
  2. Specify a Subheader for the Complete screen. 
  3. Click and drag the drag-and-drop icon to reorganize the links. Click the trash icon to delete a link. 
  4. Click Add link to add an additional link; you can have a maximum of four. 
  5. Upload a custom icon for your link. 
  6. Specify a Title for the link (required).
  7. Specify a Subtitle for the link (required).
  8. Specify the Button text for the link (required).
  9. Specify a Button URL for the link, which will be launched when the user clicks the button (required). Button URLs support the following URL schemes:
    • http:// or https://
      • Opens in the default browser, which is Safari unless the user has selected a different one.
    • mailto://
      • Opens in the default mail app, which is Mail unless the user has selected a different one.
      • On iOS and iPadOS, if the user hasn't yet configured a mail account, tapping a mailto:// bookmark results in an error.
    • file:// (only supported on macOS). For more information about file paths in macOS, please refer to Apple's documentation.
      • Opens a file from a specified path.
      • Using three consecutive slashes, such as file:///path/to/file, when defining file paths is recommended.
  10. If you need to restore the provided defaults, click Restore defaults.
  11. Click Done when you are done with your customizations.
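
The link rules above (at most four links, four required fields, and the supported Button URL schemes) can be checked before the values are typed into the web app. The following is an added example, not Kandji code: the dictionary keys and function names are hypothetical, and it shows why the three-slash form matters for file:// URLs.

```python
from urllib.parse import urlsplit

MAX_LINKS = 4
REQUIRED = ("title", "subtitle", "button_text", "button_url")  # hypothetical keys
SUPPORTED = {"http", "https", "mailto", "file"}  # schemes listed on this page

def check_url(url, platform="macos"):
    """Return the problems found in one Button URL (empty list means OK)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in SUPPORTED:
        return [f"scheme {scheme or '(none)'!r} is not a supported scheme"]
    problems = []
    if scheme in ("http", "https") and not parts.hostname:
        problems.append("http(s) URL has no host")
    if scheme == "mailto" and "@" not in (parts.netloc or parts.path):
        problems.append("mailto URL has no address")
    if scheme == "file":
        if platform != "macos":
            problems.append("file:// is only supported on macOS")
        if parts.netloc:  # file://path/to/file makes 'path' the host
            problems.append(f"{parts.netloc!r} is parsed as a host; use file:///")
    return problems

def check_links(links, platform="macos"):
    """Map link index (or 'all') to its list of problems."""
    report = {}
    if len(links) > MAX_LINKS:
        report["all"] = [f"{len(links)} links defined; the maximum is {MAX_LINKS}"]
    for i, link in enumerate(links):
        issues = [f"missing required field {k!r}" for k in REQUIRED
                  if not str(link.get(k) or "").strip()]
        if link.get("button_url"):
            issues += check_url(link["button_url"], platform)
        if issues:
            report[i] = issues
    return report

# Constructed sample input, not taken from a real configuration.
SAMPLE_LINKS = [
    {"title": "Help Center", "subtitle": "Guides", "button_text": "Open",
     "button_url": "https://help.example.com/"},
    {"title": "Handbook", "subtitle": "Local copy", "button_text": "Open",
     "button_url": "file://Users/Shared/handbook.pdf"},
    {"title": "IT", "subtitle": "", "button_text": "Email",
     "button_url": "mailto://it@example.com"},
]

if __name__ == "__main__":
    print(check_links(SAMPLE_LINKS))
```

With two slashes, the first path component of a file URL is read as a host name, so the link points somewhere other than the intended local file.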