JAMF Deployment
  • 26 Apr 2021
  • 2 Minutes to read
  • Dark
    Light
  • PDF

JAMF Deployment

  • Dark
    Light
  • PDF

This guide will highlight key SecureCircle Agent configuration details in JAMF in order to achieve a successful deployment. After following this guide, the administrator will be able to --

  • Ensure that the SecureCircle Kernel Extension is trusted
  • File access configured for the SecureCircle Agent
  • Identify devices that have (and don’t have) the SecureCircle Agent installed
Note:

This guide assumes the SecureCircle package has already been uploaded to Jamf and a base deployment policy is configured.

JAMF deployment script

From within JAMF go to Management Settings → Scripts → New

  • Provide a Display Name (e.g. Install SecureCircle)
  • script tab select from the provided script examples below.

Mac Active Directory Joined deployment script example

curl -o fhfs.pkg  https://SERVER_ID/download/mac/fhfs.pkg
curl -o bundle.tar.gz "https://$SERVER_ID/download/mac/resources/bundle.dat"
mkdir -p "/private/var/tmp/fhfs"
tar -xzf bundle.tar.gz -C "/private/var/tmp/fhfs"
sudo installer -verboseR -pkg fhfs.pkg -target / 

Email based agent deployment script example:

If using the email based agent add the following parameters to your JAMF script

  • options tab

    • parameter 4: jssUser
    • parameter 5: jssPass
    • parameter 6: jssHost
    • parameter 7: secureCircleHost
    • parameter 8: apiKey
    • parameter 9: circleId


Apply Installation Script

Navigate to Policies → New

  • Click on Scripts → Configure

  • Click “Add” for the script created in the previous section (e.g. Install SecureCircle)

  • Enter your parameter values.

    • jssUser - JAMF administrative user account with read only access
    • jssPass - password for above account
    • jssHost - JAMF server URL (do not include https://)
    • secureCircleHost - SecureCircle server URL (do not include https://)
    • apiKey - SecureCircle API Key for Administrator that can invite and confirm users
    • circleId - SecureCircle CircleID to be used for initial invitation
  • Scope

    • Assign to target computers
  • Options → Maintenance

    • Enable “Update Inventory”

Configure JAMF

  1. Create a new Configuration Profile (Kernel Extension)

    • In the JAMF console, under Content Management, select Configuration Profiles and select New

    • Under Options, in the General section, name your profile and provide a description (Identify this as the Kernel Extension approval profile)

      • Example –
        JAMP Deployment
    • Under Options, scroll down and select System Extensions. Provide a name and Team Identifier (see below) used by SecureCircle.

      • Use the following Team Identifier (SecureCircle_kernel_extension_id) - 7BQ8CB8A73

        • Example –
          • JAMP Deployment 1
  • Next select Scope and chose your target computers, then select Save
    • Example
      • JAMP Deployment 2

2.  Upload Configuration Profile (SecureCircle, fhagent preferences) - You can use the SecureCircle Agent.mobileconfig attached to this article (check below) or generate your own.

  • NOTE: If you elect to create your own, ensure you have the SecureCircle Agent installed on the device being used for this step-
    1. Download, extract and run the PPPC-Utility: https://github.com/jamf/PPPC-Utility/releases
    2. Once the PPPC-Utility is running, select +(to add to list) and add the following two items
    3. SecureCircle
      1. By default, found in /Applications/SecureCircle
    4. fhagent
      1. By default, found in /usr/local/fhfs/bin/fhagent
    5. fhtools (Only required if users will run fhtoolscommands)
      1. By default, found in /usr/local/fhfs/bin/fhtools
    6. Ensure All Files access has been toggled to Allow, for both applications in PPPC-Utility and select Save

Sample Configuration Profile


(Optional) SecureCircle Browser Plugin Configuration Profile

Use the SecureCircle Browser Plugin Configuration Profile to enforce that the SecureCircle Plugin is installed in supported browsers (needed for securing data based on source URL)



Was this article helpful?