Using variables in iOS/macOS Profiles

Creating profiles with parameters in them is the ability to insert string/bool/int/datetime variables into a profile so that they can be dynamically used on many devices.

The following will help you understand what fields can be used, and what information will come from them.

Remember: The below options are for FileWave's built in abilities. You can always create your own options by creating custom fields that are either mapped to LDAP attributes, custom scripts, or manually entered variables. See 8.9. Custom Fields in the manual for more information.


What are my Options:

LDAP Variables

FileWave version 6.1 allows you to use Directory based variables in your profile payloads.

User
%first_name%
%last_name%
%full_name%
%short_name%
%email%
%job_title%
%mobile_phone%
%guid%

Setting up a directory server for use with Parameterized Profiles is easy. Navigate to the FileWave Preferences Screen and fill out the appropriate information for your OpenDirectory, Active Directory or E-Directory. For issues and troubleshooting related to your LDAP preferences, please refer to the LDAP section of this manual.

You must also be using LDAP authentication for iOS device enrollment. Instructions for that setup are in the MDM portion of this manual.

For the above user strings to work you must be pointed to an Directory server and have it selected as authentication ( See Creating an LDAP server entry in Preferences ).

You can also map custom fields to LDAP variables to extend the above list.

See FW Manual - Custom Fields for more.

Inventory / Device Variables:

Starting in FileWave 6.1+ you can reference specific information about the device as well, directly from FileWave Inventory. Those fields are:

Device
%OSVersion%
%SerialNumber%
%ProductName%
%BuildVersion%
%WIFIMAC%
%ICCID%
%IMEI%


All Devices:

Common Device Variables

Type

FileWave Version Introduced
%archived%datetime13.0.0
%auth_username%string13.0.0
%cpu_count%int13.0.0
%cpu_type%string13.0.0
%current_ip_address%string13.0.0
%last_enterprise_app_validation_date%datetime13.0.0

%last_state_change_date%

datetime13.0.0
%department%string13.0.0
%device_id%string13.0.0
%device_name%string13.0.0
%device_product_name%string13.0.0
%enroll_date%datetime13.0.0
%filewave_client_name%string13.0.0
%filewave_id%string13.0.0
%free_disk_space%int13.0.0
%is_system_integrity_protection_enabled%bool13.0.0
%is_tracking_enabled%bool13.0.0
%last_check_in%datetime13.0.0
%last_ldap_username%string13.0.0
%last_logged_in_username%string13.0.0
%location%string13.0.0
%management_mode%int13.0.0

%monitor_id%

string13.0.0
%ram_size%int13.0.0
%serial_number%string13.0.0
%state%int13.0.0
%total_disk_space%int13.0.0
%unenrolled%bool13.0.0
%is_user_enrollment%bool13.2.0
%is_activation_lock_manageable%bool13.2.0
%remote_desktop_enabled%bool13.2.0
%external_boot_level%bool13.2.0



Desktop Specific (macOS & Windows)

Desktop Device Variables

Type


%device_manufacturer%string13.0.0
%filewave_client_locked%bool13.0.0
%filewave_client_version%string13.0.0
%filewave_model_number%int13.0.0
%rom_bios_version%string13.0.0

 iOS Specific

iOS Device Variables

Type


%battery_level%float (from 0 to 1)13.0.0
%last_cloud_backup_date%datetime13.0.0
%last_wallpaper_change_date%datetime13.0.0
%apple_device_id%string13.0.0
%eas_device_identifier%string13.0.0
%is_activation_lock_enabled%bool13.0.0
%is_device_locator_service_enabled%bool13.0.0
%is_do_not_disturb_in_effect%bool13.0.0
%is_cloud_backup_enabled%bool13.0.0
%is_mdm_lost_mode_enabled%bool13.0.0
%is_supervised%bool13.0.0
%awaiting_configuration%bool13.0.0
%is_network_tethered%bool13.0.0
%itunes_store_account_is_active%bool13.0.0
%itunes_store_account_hash%string13.0.0
%languages%string13.0.0
%locales%string13.0.0
%maximum_resident_users%int13.0.0
%meid%string13.0.0
%model%string13.0.0
%organization_info%string13.0.0
%product%string13.0.0
%product_name%string13.0.0

You can also map custom fields to script results to extend the above list.

See FW Manual - Custom Fields for more.

You can also look in the inventory query builder and it will tell you the internal name in the bottom left:

Using parameters in profiles:

To add parameters to your profiles, simple replace the normal value with one from the list above.

For instance, you might create an email profile with the account information. See the example here:

Sample Profile

Appendix:

Directory servers use their own values for common fields. Below is the mapping for each supported directory:

E-Directory:

Profile variable

LDAP attribute name

Remarks

short_name

uid


first_name

givenName


last_name

sn


full_name

fullName


email

mail


job_title

title


mobile_phone

mobile


guid

GUID

A binary read-only attribute


Open Directory:

Profile variable

LDAP attribute name

email

mail

first_name

givenName

full_name

fullName

guid

apple-generateduid

job_title

title

last_name

sn

mobile_phone

mobile

short_name

uid


Active Directory:

Profile variable

LDAP attribute name

email

mail

first_name

givenName

full_name

fullName

guid

objectGUID

job_title

title

last_name

sn

mobile_phone

mobile

short_name

sAMAccountName