This Library Item is available for Mac computers
What are Login & Background Items?
Login and background items refer to applications, processes, or scripts that are set to automatically start when a user logs in or when the system boots up. These items can enhance user experience by providing immediate access to frequently used applications or ensuring certain services are always running. Beginning with macOS Ventura, an end user receives alerts when an app has added a new login or background item and is provided with a way to disable it in System Settings > General > Login Items. To learn more about using MDM to manage background tasks in macOS, see Apple’s Platform Deployment guide.How managed Login & Background Items work
You can use configuration profiles that define managed login and background items. These profiles ensure that essential software and services are available immediately after login and can’t be disabled by end users, even those with local administrator credentials, enhancing security and improving the user experience. Managed Login and Background items rely on identifiers to allow specified background items.Identifier Types
For Bundle Identifier Prefix and Label Prefix, use the “com.example” format, and be sure not to includea trailing period. Also, do not include other special characters such as ”*”.
1
Bundle Identifier
Bundle Identifier
- This option maps to a bundle identifier of an app that has adopted Apple’s SMAppService API. Check with the software vendor to determine if this option can be used.
2
Bundle Identifier Prefix
Bundle Identifier Prefix
- This option lets you configure one rule for multiple apps sharing a bundle identifier prefix for apps that have adopted Apple’s SMAppService API. Check with the software vendor to determine if this option can be used.
3
Label
Label
- This is used to identify launch agents and launch daemons. To find the label, inspect the property list (plist) files in
/Library/LaunchAgents,/Library/LaunchDaemons, and those same folders in any user’s home directory. You can also use thesudo launchctl listcommand to find labels of actively loaded or running items.
4
Label Prefix
Label Prefix
- This is similar to the bundle identifier prefix but for labels. For example, if you have several custom launch daemons running on your systems, all with labels like com.myexamplecompany, you could specify that prefix to allow all of your items to load.
5
Team Identifier
Team Identifier
- Most commercial app vendors sign their software with the same Apple Developer Team ID. Check their documentation for additional details.
Choosing an Identifier Type
Iru suggests using the Team ID option whenever you can, as it’s the most secure choice. While bundle identifiers and labels can be mimicked by other software, code-signing identities linked to Apple Developer Team Identifiers are a core part of macOS security, making them much harder to fake. When you use the Team ID, apps that add themselves or that users add to Login Items can’t be toggled in System Settings. Instead, you can use the app’s own settings, or right-click on the Dock icon and select “Open at Login” from the “Options” menu to turn the feature on or off.Add a Login & Background Items Library Item
To add this Library Item to your Iru Endpoint Library, follow the steps outlined in the Library Overview article.1
Name the Library Item
Give the new Accessory & Storage Access Library Item a Name.
2
Assign to Blueprints
Assign to your desired Blueprints.
3
Add Background Item
Click Add Background Item.
4
Configure Background Item details
In the Modal that appears, enter the following details:
- The identifier Type (more details below)
- The Identifier itself
- An optional Comment (this is not used by macOS, but is for your reference)
5
Save Background Item
Click Save.
6
Add additional items (optional)
Optionally, repeat the previous steps to add additional background items.
7
Save Library Item
Click Save again.