The Team ID, Bundle ID, and/or Code Requirement are required when you configure several Apple MDM payloads, such as PPPC, System Extensions, and Kernel Extensions. These identifiers let you target and trust specific apps or developers so you can automate permissions and reduce user prompts.
Overview
Team ID, Bundle ID, and code requirement values uniquely identify an app and its developer on macOS. You typically need them when you whitelist apps, allow system extensions, or deploy security tools.
- Team ID: Identifies the Apple Developer account that signed the app.
- Bundle ID: Identifies the specific app (for example, com.google.Chrome).
- Code Requirement: A codesign rule that macOS uses to verify the app’s signature.
Prerequisites
Before you begin, make sure you have:
- A Mac with the app installed locally.
- Access to Terminal (Applications > Utilities > Terminal.app).
How to Find Team ID and Bundle ID via Terminal
Use this method when you need the Team ID and Bundle ID for a specific installed app.
- Open Terminal on the Mac (Applications > Utilities > Terminal.app).
- In a new Terminal window, run:
  codesign -dv [PATH OF APPLICATION]
  Replace [PATH OF APPLICATION] with the full path to the app (for example, /Applications/Google\ Chrome.app). To quickly capture the app’s full path, drag the application from the Applications folder and drop it into the Terminal window.
- In the output:
  - Locate the line that starts with TeamIdentifier= to get the Team ID.
  - Locate the line that starts with Identifier= to get the Bundle ID.
- Copy only the value after the = sign for each item (for example, EQHXZ8M8AV for Team ID and com.google.Chrome for Bundle ID).
Note: Make sure you include the full app path if the app is not in /Applications, such as apps inside a subfolder.
How to Find the Code Requirement via Terminal
Use this method when you need the full code requirement string for PPPC, System Extensions, or other advanced Apple MDM payloads.
- Open Terminal on the Mac.
- In a new Terminal window, run:
  codesign -dr - [PATH OF APPLICATION]
  Replace [PATH OF APPLICATION] with the full path to the app.
- In the output, find the line that begins with designated =>. Everything after this marker on that line is the app’s Code Requirement.
- Copy only the requirement portion (after designated =>) to use in your MDM payload.
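The two Terminal lookups above can be scripted. The following is an added example, not Addigy's or Apple's code: shell functions that read codesign output on standard input and return the Bundle ID, Team ID and Code Requirement. The function names are hypothetical and the sample output is constructed (trimmed, using the example values from this page).

```shell
#!/bin/sh
# Added example. Live use on a Mac (codesign -dv writes to stderr, hence 2>&1):
#   codesign -dv "/Applications/Google Chrome.app" 2>&1 | team_id
#   codesign -dr - "/Applications/Google Chrome.app" 2>&1 | code_requirement

# Bundle ID. The match is anchored at the start of the line because
# "TeamIdentifier=" also contains the text "Identifier=".
bundle_id() {
  sed -n 's/^Identifier=//p' | head -n 1
}

# Team ID. Unsigned or ad hoc signed code reports "TeamIdentifier=not set",
# which must never be pasted into a payload, so it is returned as an error.
team_id() {
  tid=$(sed -n 's/^TeamIdentifier=//p' | head -n 1)
  case "$tid" in
    '' | 'not set')
      echo "no Team ID: code is unsigned or ad hoc signed" >&2
      return 1 ;;
    *) printf '%s\n' "$tid" ;;
  esac
}

# Code Requirement: the text after "designated => ". A leading "# " before
# the marker, which some codesign output carries, is tolerated.
code_requirement() {
  sed -n -e 's/^# designated => //p' -e 's/^designated => //p' | head -n 1
}

# Constructed sample output (trimmed), not captured from a real machine.
SAMPLE_DV='Executable=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Identifier=com.google.Chrome
Format=app bundle with Mach-O universal (x86_64 arm64)
TeamIdentifier=EQHXZ8M8AV'

SAMPLE_DR='Executable=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
designated => identifier "com.google.Chrome" and anchor apple generic and certificate leaf[subject.OU] = EQHXZ8M8AV'

SAMPLE_ADHOC='Executable=/usr/local/bin/example-tool
Identifier=example-tool
TeamIdentifier=not set'
```
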
Alternative Method
On macOS Ventura (13) or later, you can also pull bundle and team information from the system’s application listings.
- Open Terminal.
- Run the following command:
  sudo sfltool dumpbtm
  and enter your administrator password when prompted.
- Review the output and search (for example with CMD + F in a text editor or by using grep) for the app name or identifier you need.
- From the matching entry, read the Team ID and Bundle ID values for that app.
Note: This command produces a large amount of output. Filtering by app name or bundle identifier helps you find the correct entry faster.
Frequently Asked Questions
When should I use Team ID vs. Bundle ID?
Use the Team ID when you want to trust all apps signed by a specific developer, such as a security vendor’s tools. Use the Bundle ID when you want to target a single specific app, such as a browser or agent executable.
Where do I use these values in Addigy?
You typically paste the Team ID, Bundle ID, and Code Requirement into PPPC, System Extension, or KEXT configuration payloads when building Device Settings in Addigy. This ensures macOS can match the payload to the correct app or developer during deployment.
What if the app is not in /Applications?
You can still use these methods by adjusting the path (for example, apps in /Applications/Utilities or inside a custom folder). The important part is to provide the full path to the app when you run the commands or update the script.