Configuring a macOS script policy on Ivanti EPMM

Create a policy for the macOS shell scripts you intend to run on macOS devices. The macOS script policy includes the root certificate used to sign your scripts. Ivanti Mobile@Work for macOS uses the certificate to validate the scripts before running them.


  1. Select Policies & Configs > Policies.
  2. On the Policies page, select Add New.
  3. Select iOS and macOS > macOS Only > Mobile@Work macOS Script.
  4. In the Add Mobile@Work macOS Script Policy dialog box, add the root certificate for your macOS shell script, as described in Exporting the CA public key certificate for your macOS scripts.




    Enter a name for the policy.


    Select the relevant radio button to indicate whether the policy is Active or Inactive.

    Only one active policy can be applied to a device.


    Specifies the priority of this policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is available.

    Select Higher than or Lower than, then select an existing policy from the drop-down list.

    For example, to give Policy A a higher priority than Policy B, you would select “Higher than” and “Policy B”.


    Enter an explanation of the purpose of this policy.

    Upload Public Key

    Upload the .pem certificate file to the script policy.

    Public Key

    Once uploaded, the public key displays here.

    Max Response Size (in KB)

    Enter the maximum response size for any macOS scripts you run on devices. The maximum response size limits the size of data Ivanti Mobile@Work for macOS returns to Ivanti EPMM after running a script. This is the stdout or stderr data that is returned when running a macOS script.

  5. Select Save.
  6. Select the policy you just created, and apply it to the relevant labels.