黑料海角91入口 Agent Compatibility, System Requirements, and Impacts

Learn about OS compatibility, installation requirements, and changes made to your device during install of the 黑料海角91入口 Agent.

Make sure you've checked the following things for a successful install:

You鈥檙e using a supported OS before you install the 黑料海角91入口 Agent.
Find the files and directories used during install to troubleshoot issues.
Verify files and directories are installed correctly before you contact Support.

You can review our prospective end of support timelines in Prepare Now for End of Support.

Note:

黑料海角91入口 supports iOS devices like iPhones, iPads, and Apple TVs, but the 黑料海角91入口 Agent is not installed on those devices. See Enrolling iOS Devices in MDM to learn more.

Mac

Supported macOS versions:

15.x Sequoia
14.x Sonoma
13.x Ventura
12.x Monterey
Intel and Apple Silicon devices are supported

Considerations:

For Mac devices running macOS Monterey and later, the 黑料海角91入口 Agent requires Full Disk Access Permissions to enable communication with the authentication controls on the device. See Granting Full Disk Access Permissions to the 黑料海角91入口 Agent for MacOS to learn more.
Pre-release or Release Candidate (RC) versions of OS releases aren鈥檛 supported.
If the 黑料海角91入口 Agent is installed on an unsupported version, 黑料海角91入口 neither ensures nor guarantees full or even partial functionality of device management. Furthermore, functionality may or may not work as intended and may be hindered based on future product releases:
- As of December 31, 2023, 黑料海角91入口 no longer supports macOS 11.X Big Sur.
- As of December 15, 2021, 黑料海角91入口 no longer supports macOS 10.14 Mojave.
- As of November 30, 2020, 黑料海角91入口 no longer supports macOS 10.13 High Sierra.
- As of April 14, 2020, 黑料海角91入口 no longer supports macOS 10.12 Sierra.

Note:

If an unsupported device is assigned to the 黑料海角91入口 MDM server in Apple Business Manager (ABM), it will attempt to install the agent, which will generate an error and cause the device to hang at the install screen. The device will need to have the 黑料海角91入口 MDM server unassigned in ABM. This can be done by removing the 黑料海角91入口 MDM server from the Default Device Assignment under Device Management Settings or by changing the Device Management settings for the individual device.

Warning:

Do not release the device from ABM. Devices released from ABM need to be re-enrolled using Apple Configurator for iOS. See Apple's Support documentation, to learn more.

Term	Definition & Service
Login Password (or User Password)	This is the primary credential that is linked with your keychain and FileVault (if enabled). This password is used to log in to your local user account in macOS.
Bootstrap Token	Bootstrap Tokens grant a secure token to mobile or MDM admin accounts. These won't be created automatically if the first user created is a standard user during MDM enrollment, or if local account creation is skipped entirely. Only available after MDM enrollment (黑料海角91入口 MDM currently doesn't use this feature).
Keychain	Keychains are linked to the user when the user is created. Shares password with user account. Keychain password is only available to the user, and not the administrator. If the keychain password is lost, the user loses access to that keychain, and a new keychain is created. Keychain passwords can become out of sync two different ways: User login password change outside the Mac. For example, an Active Directory (AD) password change done in AD outside of macOS. User login password reset executed by an administrator on device.
FileVault (FV)	FileVault is the service that encrypts disks in macOS using an encryption key. Shares password with the administrator account that enabled it. This key can become out of sync if the following occurs: A password change via script. AD password change outside the Mac. You can avoid FV lockouts in the following ways: Having a second administrator on the Mac with a secure token. If the password is changed, store the old password somewhere safe, it can be used to decrypt FV. Warning: Do not reboot! If you have rebooted, you need another account with a secure token to unlock FV. If you don't have the passwords, or a valid account and password to decrypt the FV volume, you have to use the Recovery Key.

Changes Made to Your MacOS Device During Installation

Installation Files, Directories, or Settings	Locations and Details
Installer Filename	jumpcloud-agent.pkg
Launch Daemon	com.jumpcloud.darwin-agent
Primary Installation Directory	/opt/jc/
Installation and Service Log Directory	*/var/log/jc.log You can download the most recent 1 MB of logs for a device from the System Details panel by clicking Get system logs**. Logs are only available for online devices.
黑料海角91入口 Menu Bar App Tray Log Directory	~/Library/Logs/黑料海角91入口
黑料海角91入口 Go	These components are installed to support 黑料海角91入口 Go authentication: LaunchDaemon: /Library/PrivilegedHelperTools/com.jumpcloud.黑料海角91入口GoHelper LaunchAgent: /opt/jc_user_ro/黑料海角91入口Go.xpc Native message host: /opt/jc_user_ro/黑料海角91入口Go-Chrome /Library/Google/Chrome/NativeMessagingHosts/com.jumpcloud.jumpcloudgo.json /Library/LaunchDaemons/com.jumpcloud.黑料海角91入口GoHelper.plist /Library/LaunchAgents/com.jumpcloud.黑料海角91入口Go.plist
Device Trust	The jumpcloud-user-agent application handles actions that must be performed in a user’s context: App location - /opt/jc_user_ro/jumpcloud-user-agent Log file - /Users/<username>/Library/Logs/黑料海角91入口/jc-user-agent.log The log file is present for every user on the device, whether or not the user is managed by 黑料海角91入口, because the user-agent runs for each logged-in user. However, the agent will only install and manage certificates for managed users.
User-agent Management	To ensure that the 黑料海角91入口 user-agent is started when the user logs in and is restarted automatically, the agent installer places a properties list file here: /Library/LaunchAgents/com.jumpcloud.user-agent.plist
Certificate Management	When the 黑料海角91入口 user-agent requests new Device Trust certificates for the user, it creates a new MacOS keychain: /Users/username/Library/Keychains/jumpcloud-device-trust-keychain-db It stores the password to unlock this keychain in the user’s login keychain in this item: 黑料海角91入口 Device Trust Keychain Password. The user-agent imports the Device Trust certificates and private key into this new keychain.
Certificate Auto-Selection for Safari	Safari looks for identity preference settings in the user’s login keychain to automatically select certificates. The user-agent creates identity preferences in the keychain to associate the Device Trust certificate with two 黑料海角91入口 URLs:
Certificate Auto-Selection for Chrome	On MacOS, Chrome uses a properties list (plist) file to configure certificate auto-selection filters. The user agent will update the user’s current ‘Library/Preferences/com.google.chrome.plist’ file if it’s present or create a new file if it's not. The auto-selection filters allow Chrome to find a certificate in the keychain to apply to a given URL. The selection filters will match a cert with a Subject Organizational Unit (SUBJECT:OU) of 黑料海角91入口 Device Trust to two 黑料海角91入口 URLs:
Custom Login Window	/Library/Preferences/com.apple.loginwindow.plist /Library/Security/SecurityagentPlugins/jumpcloud-loginwindow.bundle/Contents/Info.plist
TOTP Key Files	When enabled, key files are stored on a per user basis in this directory at this path: /etc/ssh/jumpcloud_totp/${USER} 黑料海角91入口 manages this based on users having uploaded public keys to 黑料海角91入口.
黑料海角91入口-managed Sudo Users	黑料海角91入口 enables sudo users by adding those users to: /etc/sudoers.d/00-USERNAME-jumpcloud All 黑料海角91入口-managed users will be added to the path. However, non-privileged users will contain a configuration file that explicitly denies sudo privileges.
System Insights OS Query	/opt/jc/bin/jcosqueryi Note: OS query is only installed when System Insights is enabled.

Additional MacOS Considerations:

For all supported macOS versions, a native admin service account is created, and credentials are required during install for support with secure token in conjunction with FileVault. See Managing Users with High Sierra, FileVault, and APFS to learn more.
Syncing login passwords with Apple鈥檚 iCloud service isn't supported, and attempting to turn it on may result in undefined and unsupported behavior. See OS X: User Password Does Not Update with iCloud Account to learn more.
See 黑料海角91入口 Agent Port Requirements to learn more.
黑料海角91入口 is proud to natively support Apple silicon Macs.

Windows

Supported Windows Versions:

10 (64 bit)
11
Server: 2012 R2
Server: 2016 (64 bit)
Server: 2019
Server: 2022

Considerations:

As of June 16, 2023, the 黑料海角91入口 Agent will not be updated past version 1.115.1 on 32-bit devices.
As of June 16, 2023, the 黑料海角91入口 tray app will not be updated past version 1.32.0 on 32-bit devices.
As of February 18, 2022, 黑料海角91入口 no longer supports Windows 8.1.
Beginning on May 11, 2021, we only support Windows 10 build 1909 and above. See Microsoft Windows Support documentation, to learn more.
As of June 30, 2020, we don't support the 黑料海角91入口 Agent on 32-bit devices.
As of June 30, 2020, 黑料海角91入口 no longer supports Windows 8.
As of April 14, 2020, 黑料海角91入口 no longer supports Windows 7 or Windows 2008 + R2.

If the 黑料海角91入口 Agent is installed on an unsupported version, 黑料海角91入口 neither ensures nor guarantees full or even partial functionality of device management. Furthermore, functionality may or may not work as intended and may be hindered based on future product releases:
- As of June 16, 2023, the 黑料海角91入口 Agent won鈥檛 be updated past version 1.115.1 on 32-bit devices.
- As of June 16, 2023, the 黑料海角91入口 tray app won鈥檛 be updated past version 1.32.0 on 32-bit devices.
- As of February 18, 2022, 黑料海角91入口 no longer supports Windows 8.1.
- Beginning on May 11, 2021, we only support Windows 10 build 1909 and above. See Microsoft鈥檚 Support documentation for to learn more.
- As of June 30, 2020, we don鈥檛 support the 黑料海角91入口 Agent on 32-bit devices.
- As of June 30, 2020, 黑料海角91入口 no longer supports Windows 8.
- As of April 14, 2020, 黑料海角91入口 no longer supports Windows 7 or Windows 2008 + R2.
International versions of Windows are supported. However, certain international character sets may cause the following issues:
- Cosmetic issues in the Device detail views.
- Adverse results in Command execution in the Admin Portal.
- Non-English locales aren鈥檛 supported by 黑料海角91入口 policies.
Home versions of Windows are supported in the following ways:
- The 黑料海角91入口 Agent can be installed.
- Conditional access is supported.
- 黑料海角91入口 policies and security commands are currently unsupported.
Enhanced Security Configuration on Windows Server 2019 blocks our ability to auto-select the certificate in Internet Explorer and certain versions of Edge. Disable Enhanced Security Configuration for users so that they aren鈥檛 prompted when accessing 黑料海角91入口-managed resources.
Release Candidate (RC) versions of O/S releases aren鈥檛 supported.
The 黑料海角91入口 Agent isn鈥檛 compatible with Duo System Agent Authentication for Windows.
黑料海角91入口 no longer supports Windows ARM devices.

Note:

PowerShell is required for Windows agent functionality.

Component	Requirement
Disk Usage	166 MB minimum This includes C++ runtime components
Memory Usage	6 MB minimum
C++ Runtimes	MS Visual C++ 2013 Redistributable package (x86_64)

Changes Made to Your Windows Device During Installation

Installation Files, Directories, or Settings	Locations and Details
Installer Filename	jcagent-msi-signed.msi
SERVICE-NAME	jumpcloud-agent
Primary Location of 黑料海角91入口 Agent	C:\Program Files\黑料海角91入口
Service Log Directory	C:\Windows\Temp\jcagent.log You can download the most recent 1 MB of logs for a device from the System Details panel by clicking Get system logs. Logs are only available for online devices.
Installation Log Directory	C:\Users\username\AppData\Local\Temp\jcagent.log The log file lives in the directory for the admin user who installs the agent.
黑料海角91入口 Go	These components are installed to support 黑料海角91入口 Go authentication: C:\Program Files\黑料海角91入口\黑料海角91入口Go\黑料海角91入口Go-Chrome.exe C:\Program Files\黑料海角91入口\黑料海角91入口Go\com.jumpcloud.jumpcloudgo.json HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.jumpcloud.jumpcloudgo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.jumpcloud.jumpcloudgo
Device Trust	The jumpcloud-user-agent application handles actions that must be performed in a user’s context: App location - C:\Program Files\黑料海角91入口\jumpcloud-user-agent\jumpcloud-user-agent.exe Log file - C:\Users\<username>\AppData\Local\Temp\jc-user-agent.log
黑料海角91入口 App Catalog	These components are installed to support 黑料海角91入口's App Catalog for Windows: WinGet (Windows Package Manager) winget.exe is installed at C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_[version number]__8wekyb3d8bbwe` Microsoft Visual C++ is installed at %WINDIR%\SysWow64
Certificate Management	The agent and user-agent import certificates into Windows Certificate Stores: The agent imports the root certificate into the System Certificate Store. This action requires administrative privileges, which is why the agent performs this import. The user-agent imports the intermediate certificate into the user’s Intermediate Certificate Store. The user-agent imports the leaf cert and private key into the user’s Personal Certificate Store.
Certificate Auto-Selection for Chrome and Edge	To support certificate auto-selection in Chrome and Edge, the agent creates the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ AutoSelectCertificateForUrls HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\ AutoSelectCertficateForUrls The agent adds an entry for the ‘’ URL if it doesn't exist.
Registry Keys Added	HKEY_LOCAL_MACHINE\SOFTWARE\黑料海角91入口\黑料海角91入口 agent\ConfigFile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\{96542816-DAD1-4D02-8363-CA4121E5CAE7}_is1
System Insights OS Query	C:\Program Files\黑料海角91入口\jcosqueryi.exe

Additional Windows Considerations:

After you create a 黑料海角91入口 account for a user and the account is active, you can bind the user with a 黑料海角91入口-managed Windows device. When you bind a user to a device, we add the user鈥檚 account to the following local groups:
- Standard User Windows Local Groups (for user accounts with no local Admin permissions):
  - Users
  - Remote Desktop Users
- Admin User Windows Local Groups (for user accounts with local Admin permissions):
  - Admins
  - Users
  - Remote Desktop Users
- If you manually remove a user account from one of these groups, the Agent on the Windows device restores these associations when you save any changes in the Admin Portal.
Windows Live! isn鈥檛 supported. See Use Microsoft Accounts with 黑料海角91入口 to learn more.
See 黑料海角91入口 Agent Port Requirements to learn more.
See Add the 黑料海角91入口 Agent to an Allow List to learn more.

Linux

Core packages are central to the running of a Linux distribution because they contain files for functionality, such as connecting to the Internet, managing and repairing file systems, and the system setup process (e.g. openssh). The packages you鈥檙e required to install for the 黑料海角91入口 Agent to work varies by OS version and are listed in the following table.

Considerations:

Release Candidate (RC) versions of OS releases aren鈥檛 supported.
If the 黑料海角91入口 Agent is installed on an unsupported version or combined with a non-default desktop environment, 黑料海角91入口 neither ensures nor guarantees full or even partial functionality of device management. Furthermore, functionality may or may not work as intended and may be hindered based on future product releases:
- As of June 30, 2024, 黑料海角91入口 no longer supports:
  - CentOS 7
  - Debian 10
  - RHEL 7
- As of December 2023, 黑料海角91入口 no longer supports Fedora 37.
- As of June 2023, 黑料海角91入口 no longer supports Fedora 36.
- As of December 2022, 黑料海角91入口 no longer supports:
  - CentOS 8
  - Fedora 35
- As of September 2022, 黑料海角91入口 no longer supports:
  - Debian 9
  - Fedora 34
  - Mint 18
  - Ubuntu 21.04
- As of August 8, 2022, 黑料海角91入口 no longer supports Amazon Linux 2013 鈥� 2018.
- As of April 30, 2021, 黑料海角91入口 no longer supports Ubuntu 16.04.
- As of November 30, 2020, 黑料海角91入口 no longer supports:
  - CentOS 6
  - RHEL 6
  - Ubuntu 19.04
- As of June 30, 2020, 黑料海角91入口 no longer supports Debian 8 systems.

Supported Linux Versions

Distribution	Requirements
Amazon Linux (amd64, arm64): 2, 2023	The following core packages are installed: chkconfig coreutils curl dmidecode glibc-common grep initscripts lsof net-tools nss nss-tools openssl psmisc redhat-lsb-core rpm shadow-utils sudo tar util-linux util-linux-user yum
Debian (amd64, arm64): 11, 12	The following core packages are installed: apt-rdepends apt-show-versions coreutils cron curl dpkg grep hostname libc-bin libnss3 libnss3-tools libpam-runtime libpam-modules lsb-release lsof mawk openssl passwd procps psmisc rsyslog sudo systemd tar
Fedora (amd64): 38, 39, 40	The following core packages are installed: audispd-plugins coreutils curl dnf findutils gawk glibc-common grep lsof net-tools nss nss-tools openssl policycoreutils psmisc redhat-lsb-core rpm rsyslog shadow-utils sudo systemd tar util-linux which yum
Linux Mint (Cinnamon) (amd64): 20, 21	The following core packages are installed: apt-rdepends apt-show-versions coreutils curl dpkg grep hostname libc-bin libnss3 libnss3-tools lsb-release lsof mawk openssl passwd procps sudo sysvinit-utils tar
Pop!_OS (amd64): 22.04	The following core packages are installed: apt-rdepends apt-show-versions coreutils curl dpkg grep hostname libc-bin libnss3-tools lsb-release lsof mawk passwd procps sudo sysvinit-utils tar
RHEL (amd64): 8 RHEL (amd64, arm64): 9	The following core packages are installed: chkconfig coreutils curl dnf findutils gawk glibc-common grep initscripts lsof net-tools nss nss-tools openssl psmisc redhat-lsb-core rpm shadow-utils sudo tar util-linux util-linux-user which yum
Rocky Linux (amd64, arm64): 8, 9	The following core packages are installed: coreutils curl findutils gawk glibc-common grep initscripts lsof net-tools nss-tools policycoreutils psmisc rpm shadow-utils sudo tar util-linux util-linux-user which yum
Ubuntu (amd64, arm64): 18.04, 20.04, 22.04, 24.04	The following core packages are installed: apt-rdepends apt-show-versions coreutils apt-curl dpkg grep hostname libc-bin libnss3 libnss3-tools lsb-release lsof mawk openssl passwd procps sysvinit-utils sudo tar

Linux Installation Requirements

Component	Requirement
Disk Usage	21 MB minimum
Memory Usage	5 MB minimum

Changes Made to Your Linux Device During Installation

Installation Files, Directories, or Settings	Locations and Details
Installer Filename	jcagent-<os-version-arch>.<deb/rpm>
Installed Services	jcagent, agent-monitor (init.d systems)
Primary Installation Directory	/opt/jc/
Service Control Scripts	The following script lives on Linux devices that use System V init scripts: /etc/init.d/jcagent All other versions use systemd initialization and will have the following script: /lib/systemd/system/jcagent.service The following script is used for 黑料海角91入口 Go: /usr/lib/systemd/user/jumpcloud-user-agent.service.
Google Auth PAM Plugin	This is the OS and Arch lib directory, for example: /lib, /lib64, etc. /security/pam_google_authenticator.so The 黑料海角91入口 agent adds the following configuration lines to the device's /etc/pam.d/sshd configuration file: auth required pam_google_authenticator.so nullok user=root secret=/etc/ssh/jumpcloud_totp/${USER} auth required pam_permit.so These configuration lines are removed when ssh with MFA is disabled.
Installation and Service Logs	/var/log/jc* You can download the most recent 1 MB of logs for a device from the Device Details panel by clicking Get agent log. Logs are only available for online systems.
Enabling Syslog for the Events API (logging user events)	黑料海角91入口 appends a local host address (127.0.0.1:14028) when enabling Syslog for the Events API (logging user events). See Introduction to the Directory Insights API to learn more. /etc/rsyslog.d/jumpcloud.conf
sshd Config File	Contains one or more of the following parameters: [PermitRootLogin, PasswordAuthentication, UsePAM, PubkeyAuthentication, ChallengeResponseAuthentication]. Other config management systems may cause a conflict if it also tries to manage this file. /etc/ssh/sshd_config
TOTP Key Files	When enabled, TOTP key files are stored on a per user basis at this path: /etc/ssh/jumpcloud_totp/${USER}
Sudo Users	黑料海角91入口 enables sudo users by adding those users to: /etc/sudoers.d/00-USERNAME-jumpcloud All 黑料海角91入口-managed users will be added to the path. However, non-privileged users will contain a configuration file that explicitly denies sudo privileges.
Authorized Keys	黑料海角91入口 manages this based on users having uploaded public keys to 黑料海角91入口. /root/.ssh/authorized_keys, /home/${USER} .ssh/authorized_keys
System Insights OS Query Installation Location	/opt/jc/bin/jcosqueryi
黑料海角91入口 Go	These components are installed to support 黑料海角91入口 Go authentication: /opt/jc_user_ro/bin Files: jumpcloudgo-chrome, jumpcloud-user-agent For each managed user: /home/<username>/.config/systemd/user/default.target.wants File: jumpcloud-user-agent.service
Device Trust	The 黑料海角91入口 agent handles all Device Trust actions.
Certificate Management	The agent imports the Device Trust certificates into a Network Security Services (NSS) SQLite database (one per managed user). The databases are located in the user’s home directory: Certificate database: /home/username/.pki/nssdb/cert9.db Key database: /home/username/.pki/nssdb/key4.db If the databases don't exist, the agent creates them.
Certificate Auto-Selection for Chrome	The agent creates a system-wide policy configuration for Chrome in the file ‘/etc/opt/chrome/policies/managed/黑料海角91入口CertificateAutoselect.json’. This file contains ‘AutoSelectCertificateForUrls’ settings that match the 黑料海角91入口 Device Trust certificate to the following 黑料海角91入口 URL: https://device-cert.jumpcloud.com.

Additional Linux Considerations:

For successfully completing the Linux account takeover, the /home/directory must exist for that user.
If it鈥檚 not already installed by default, an admin needs to install an OpenSSH server for the specific case where they intend to require MFA to log in via SSH. If MFA is desired over SSH, ensure openssh-server is installed before installing the agent.
See Agent Networking and Port Requirements to learn more.

Additional Resources:

Knowledge Base: Troubleshoot: 黑料海角91入口 Agent
Enroll:

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case

黑料海角91入口