ºÚÁϺ£½Ç91Èë¿Ú

Deploy the Mac Agent with Jamf Pro

This article describes the recommended method of installing the ºÚÁϺ£½Ç91Èë¿Ú Agent on macOS devices using Jamf Pro. This method of unattended installation uses an install script provided on ºÚÁϺ£½Ç91Èë¿Ú's GitHub. When properly configured, the script installs the ºÚÁϺ£½Ç91Èë¿Ú Agent and the ºÚÁϺ£½Ç91Èë¿Ú Service Account that is required to handle password synchronization.

Prerequisites

  • The Privacy Preferences Policy Control (PPPC) profile must be present on each device on which you intend to deploy the ºÚÁϺ£½Ç91Èë¿Ú Agent. This will give the agent the permissions required to handle PAM authentication responsibilities. See instructions for installing the PPPC profile in Granting Permissions for a Non-ºÚÁϺ£½Ç91Èë¿Ú MDM.
  • You will need the username and password of an Admin account that has a secure token. Use the dscl utility in Terminal to verify the secure token status of an account:
    1. To find the usernames of user accounts on the device: dscl . -list /Users | grep -v "^_"
    2. To check the secure token status of a user, replacing USERNAME with a target username: dscl . -read /Users/USERNAME AuthenticationAuthority | grep "SecureToken"

Important: The local Admin account must be logged into at least once on each device in order to receive a valid secure token (unless the account was created during initial setup of the device).

Installing the Agent and Service Account Using the Install Script

Follow these steps to install the ºÚÁϺ£½Ç91Èë¿Ú Agent and Service Account:

  1. Copy the install script.
  2. Paste the script into a text editor and update the undefined parameters.
  3. Upload the install script into Jamf's administrator console.
  4. Create and apply a policy to install the agent using the script.

Copying the Install Script

  1. Copy the install script: .
  2. Paste the contents into a text editor, and make the changes noted in the next step.

Updating the Script

In a text editor, and make the following changes to the script:

  1. At the top of the script, note there are three undefined parameters:
    1. CONNECT_KEY,
    2. SECURETOKEN_ADMIN_USERNAME, and
    3. SECURETOKEN_ADMIN_PASSWORD.
  2. Replace the CONNECT_KEY value in the script with the ºÚÁϺ£½Ç91Èë¿Ú Connect Key.
    1. To find the Connect Key, log in to the ºÚÁϺ£½Ç91Èë¿Ú Admin Portal and go to DEVICE MANGEMENT > Devices.
    2. Click ( + ) to add a device.
    3. Scroll to Connect Key and click copy.
    4. Paste the Connect Key into the CONNECT_KEY value field in the script.
  3. Replace the SECURETOKEN_ADMIN_USERNAME and SECURETOKEN_ADMIN_PASSWORD values with the username and password of a pre-existing local Admin account that has a secure token.

Important: The username and password of this local Admin account must be the same on all your Macs in order for the installation script to function at scale.

  1. After the three required parameters have been filled, set the SILENT_INSTALL parameter to 0 and the UNATTENDED_INSTALL parameter to 1. This allows the script to run without displaying interactive prompts, and will leverage the parameters defined above to create the ºÚÁϺ£½Ç91Èë¿Ú Service Account.

Important: The local Admin account must be logged into at least once on each device in order to receive a valid secure token (unless the account was created during initial setup of the device).

Uploading the Script

After the necessary changes have been made to the script in the previous step, upload it to Jamf Pro and create a policy:

  1. In Jamf Pro, upload the configured install script.
    1. See Jamf's documentation for .
  2. In Jamf Pro, create a policy with which to associate the script.
    1. See Jamf's documentation for .
    2. Name the policy something similar to “Unattended Jumpcloud Agent Installation."
  3. In Jamf Pro, apply the policy to a test Mac. Allow some time for the Mac to receive and execute the policy.
  4. Verify the ºÚÁϺ£½Ç91Èë¿Ú Agent installed successfully on the Mac. The Mac appears in the ºÚÁϺ£½Ç91Èë¿Ú Admin Portal, and you can proceed to bind a ºÚÁϺ£½Ç91Èë¿Ú user to the Mac. See Bind Users to Devices.
Back to Top

Notebook IconLearn More

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case