fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Self-service portal accessible via static URL or dedicated app (not per-device rotating link)

Open Patagonia121 opened this issue 2 weeks ago • 1 comments

customer-dreyfus Gong snippet: https://us-65885.app.gong.io/call?id=3493484379833418199&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A611%2C%22to%22%3A994%7D%5D

Problem

Currently, Fleet's self-service portal uses unique, time-locked URLs per device that can only be accessed through the Fleet Desktop menu bar icon. This creates friction for IT teams who want to provide users with a consistent, easily sharable way to access self-service features.

Customer workflow challenge:

  • customer-dreyfus maintains static links in their Notion documentation that users can click to access IT self-service tools
  • With Kandji, they provide a dedicated app in the dock that users can easily find and launch
  • Fleet's current implementation requires users to:
    • Locate the Fleet Desktop menu bar icon
    • Click through to access self-service
    • Cannot be given a static link in documentation

What have you tried?

TODO

Potential solutions

Option 1: Static URL with SSO

  1. IT team shares a single, static URL in documentation (e.g., https://fleet.customer-dreyfuss.com/self-service)
  2. User clicks the link from their device
  3. User authenticates via SSO (if needed for sensitive information)
  4. User sees available apps/actions relevant to their device
  5. For sensitive information (device details, encryption keys, etc.) - require authentication
  6. For app installation - allow frictionless access without additional auth

Option 2: Dedicated App in Dock

  1. Fleet Desktop provides an installable app that can be pinned to the dock
  2. User clicks the app icon (similar to Kandji's self-service app or Jamf's Self Service app)
  3. App opens to self-service portal
  4. Authentication handled as in Option 1

What is the expected workflow as a result of your proposal?

See above for either option presented to understand ideal workflow

Patagonia121 avatar Dec 12 '25 23:12 Patagonia121

@Patagonia121, I see another approach would also be effective. However, it’s limited to macOS only.

Option 3: URL Scheme support

  1. Fleet Desktop offers support for URL scheme.
  2. When a user clicks a generic URL in Notion, Slack, or similar applications, Fleet Desktop activates.
  3. An Apple Event triggers the same code, opening the path as if the user had manually clicked “My device”.

Current State

From a solutions perspective for macOS, the steps below are a gist of what’s needed for URL Scheme support.

1. Register URL Scheme in Info.plist

Add to the desktop.go plist template :

  <key>CFBundleURLTypes</key>
  <array>
      <dict>
          <key>CFBundleURLName</key>
          <string>com.fleetdm.desktop</string>
          <key>CFBundleURLSchemes</key>
          <array>
              <string>fleetdevice</string>
          </array>
      </dict>
  </array>
2. Handle the URL in Go (macOS only)

macOS sends URL open events via Apple Events. In Go, this requires either:

  • CGo to hook into NSAppleEventManager
  • or another library that gently deals with appleevents
3. UX

Users could then be provided with a generic link, such as:

fleetdevice://my-device

headmin avatar Dec 13 '25 07:12 headmin