When deploying Parallels Desktop to end users in your organization, you might want to ensure that the company license is only used on Macs that are managed by your organization. This article describes best practices for administrators who wish to prevent end users from activating Parallels Desktop Enterprise Edition licenses on personal or unmanaged Mac computers. This way, you can also secure your corporate VMs by encrypting them and binding them to your Parallels subscription.
For activations using a license key
When deploying Parallels Desktop using a license key, standard deployment methods ensure that the actual license key is not exposed to the end user. This significantly minimizes the risk of the license being used on unauthorized machines.
To ensure the key remains hidden, administrators should utilize one of the following deployment methods:
- License Management Portal Invitations: Sending activation emails directly via the Parallels My Account portal. These emails contain temporary activation keys that differ from the registered one.
- MDM Solutions: Deploying via Jamf or similar endpoint management systems using configuration profiles as outlined in the Parallels Desktop Enterprise Edition Administrator’s Guide.
- Mass Deployment Packages: Creating a deployment package that embeds the license key.
In these scenarios, the activation process is automated, and there is no direct interaction with the license key on the part of the end user.
For SSO-based activations
If your organization utilizes Single Sign-On (SSO) for activation, you can restrict usage to corporate devices by enforcing conditional access policies within your Identity Provider (IdP).
Administrators should configure the IdP to allow login to the Parallels Desktop application only from devices that are compliant or exist within a managed environment.
The specific configuration steps vary depending on your Identity Provider. Refer to the documentation for your specific IdP regarding "Conditional Access" or "Device Trust" policies.
For example, here are some references on the matter for the Okta and Entra IdPs:
Okta: Okta Device Trust: Integration Setup ; Managed devices | Okta Identity Engine
Entra: Microsoft Entra Conditional Access: Zero Trust Policy Engine - Microsoft Entra ID ; Filter for devices as a condition in Conditional Access policy - Microsoft Entra ID
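As an added illustration of the device-compliance restriction described above (not taken from Parallels or Microsoft documentation for this product), the following is a Microsoft Entra Conditional Access policy body as accepted by the Microsoft Graph `POST /identity/conditionalAccess/policies` endpoint. The application ID is a placeholder for the enterprise application your tenant uses for Parallels Desktop SSO, and the display name and report-only starting state are assumptions.

```json
{
  "displayName": "EXAMPLE - Parallels Desktop SSO requires compliant device",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "clientAppTypes": ["all"],
    "users": {
      "includeUsers": ["All"]
    },
    "applications": {
      "includeApplications": ["<client-id-of-your-parallels-sso-app>"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["compliantDevice"]
  }
}
```

No platform condition is set, so sign-ins to the application from any platform must come from a device your MDM reports as compliant. Change `state` to `enabled` once the report-only results in the sign-in logs match what you expect.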