Skip to main content
Deploy automatic configuration provisioning using any MDM that supports script execution.
If your MDM has a dedicated guide (SimpleMDM, Jamf Pro, Intune, or Mosyle), use that instead for provider-specific instructions.

Prerequisites

  • Admin access to your MDM solution
  • Organization API key from Runlayer with MCP Watch Scan role
  • Your MDM must support running shell scripts on managed devices
Organization API keys authenticate MDM-deployed scripts without per-device enrollment.
1

Navigate to API Keys

Go to Settings in the Runlayer dashboard and select the API Keys tab
2

Create a New Key

Click + Create Organization API Key
3

Configure the Key

  • Name (required): Enter a descriptive name (e.g., “MDM MCP Watch”)
  • Role: Select MCP Watch Scan
4

Copy the Key

Copy the generated key (starts with rl_org_) and store it securely
Organization API keys are shown only once. Store them securely and treat them like passwords.

Deployment Steps

1

Generate the Script

Fill in your settings below to generate a deployment script.
  • DEVICE_NAME: Use your MDM’s variable for the device name or serial number (e.g., $DEVICE_NAME, %DeviceName%). Leave empty to use the computer name.
2

Deploy the Script

Use your MDM’s script or command execution feature:
  1. Create a new script/command in your MDM console
  2. Paste the generated script contents
  3. Configure a recurring execution schedule (at least daily recommended)
  4. Assign to target devices
  5. Save and deploy
MDM scripts typically run as root. The generated script handles this by detecting and running operations as the logged-in user where needed.

Verification

Open a client application (e.g., Cursor) on a target device and confirm the synced MCP servers appear. If something went wrong, check /var/log/runlayer-sync.log on the device.