Approving the Foldr macOS system extension via MDM
The Foldr macOS app uses a system extension to mount your Foldr as a native volume in Finder. macOS gates system extensions tightly: without an approval policy in place, the user sees a “System Extension Blocked” dialog the first time the app starts and has to go to System Settings → Privacy & Security to allow it. On managed Macs, you push an approval policy so this just works.
What you need
The only piece of information specific to Foldr is the Team ID:
3T5GSNBU6W
Adding this Team ID to a system-extension allow-list in your MDM means every system extension signed by Foldr’s developer account is pre-approved on all enrolled Macs.
The MDM payload
Every Apple-compatible MDM accepts the same underlying payload shape:
| Field | Value |
|---|---|
| Payload type | com.apple.system-extension-policy |
| Allowed Team identifiers | 3T5GSNBU6W |
| Allowed System Extensions (optional, tighter scope) | leave empty to allow all extensions from this Team ID |
If you’d rather scope the approval to the specific Foldr extension (rather than any future extension Foldr ships), the bundle identifier is shown in the macOS app’s About Foldr panel; copy it from there into the Allowed System Extensions list.
Notes per MDM
- Jamf Pro: Computers → Configuration Profiles → New → System Extensions payload → Allow Users to Approve = off, Allowed Team IDs → add
3T5GSNBU6W. Scope to the relevant Smart Group. - Microsoft Intune: Devices → macOS → Configuration profiles → Create → Templates → Extensions → System extensions → add an Allowed Team Identifier with
3T5GSNBU6W. - Mosyle: Management → Profiles → System Extensions → add Team Identifier
3T5GSNBU6W. - Other MDMs: any tool that supports the standard Apple
com.apple.system-extension-policypayload will work; the field labels above translate.
The profile must be installed on the Mac before the user first launches the Foldr app for the approval to be silent. If the profile arrives after, the user can approve in System Settings → Privacy & Security without reinstalling the app.
Verifying
On a managed Mac with the profile installed:
systemextensionsctl listFoldr’s extension should appear with [activated enabled] next to it. If it shows [activated waiting for user], the approval policy hasn’t reached the device yet, or it isn’t matching the Team ID.
Related articles
- Foldr app for macOS: overall macOS app deployment
- Enabling the Finder extension on macOS: the user-side toggle to surface the Foldr context menu in Finder
- Deploying / configuring the macOS app: packaging the app and pre-seeding configuration via MDM