macOS Agent: Automated Installation for Active Directory Domain-Joined Devices
  • 08 Oct 2021
  • 1 Minute to read
  • Dark
    Light
  • PDF

macOS Agent: Automated Installation for Active Directory Domain-Joined Devices

  • Dark
    Light
  • PDF

This guide explains how SecureCircle can be automatically deployed via MDM (such as JAMF) to macOS devices which are joined to an Active Directory domain.

Prerequisites

This guide assumes that the target macOS devices are already preconfigured to:

  • Ensure that the SecureCircle Kernel Extension is trusted

  • Ensure file access is configured for the SecureCircle Agent

Please refer to 'Configure JAMF' section of JAMF Deployment to learn how to achieve the above prerequisites.

Script-based SecureCircle installation for macOS via MDM

  1. Download the installation script

install-securecircle.py

  • If helpful, SecureCircle-MDM-Installer.pkg can be used, which, when installed, simply ensures that /usr/local/securecircle-installer/install-securecircle.py is created with executable permissions on the local system. Something must then call this post-install.

SecureCircle-MDM-Installer.pkg

  1. Some edits to the script will be required if using JAMF. Several other parameters can be optionally set. Make any necessary edits to the script (see below):
# (Required if using Jamf, otherwise, optional) Set SecureCircle parameters here if not using command-line arguments.
default_sc_host = None  # e.g. 'abc1d2e345.us2.saas.securecircle.com'
default_sc_api_key = None  # e.g. '72839f96e92c11e8add6dffd7283939a'
default_sc_circle_list = None  # e.g. ['{96ee6de7-32c1-49b2-90ba-615b7b5c1555}', 'b1ca15bf-b92e-4013-94a9-c25a5e8e3635']

# (Required if using Jamf, otherwise, optional) Set Jamf parameters here if not using command-line arguments.
default_jamf_user = None
default_jamf_pass = None
default_jamf_base_url = None

# (Optional) Set WorkspaceOne parameters here if not using command-line arguments.
default_wsone_user = None
default_wsone_pass = None
default_wsone_base_url = None

# (Optional) Set ManageEngine parameters here if not using command-line arguments.
default_me_base_url = None
default_me_api_key = None

# (Optional) Set optional static invitation ID here if not using command-line arguments.
default_static_invitation_id = None

# (Optional) Set minimum driver version to compare to determine if upgrade is needed.
default_sc_driver_version = None

  1. Ensure install-securecircle.py is present on the target system(s) and executable.

    • This is generally done directly through a third-party provisioning/device management system.
  2. Call the installation script, including any necessary parameters that were not defined as part of the script. For directory-based installations, please include the parameter --ignore-num-circles:

  • install-securecircle.py --ignore-num-circles --schost=SecureCircle_Server_Hostname --check-driver-version=driver_version static-invitation --invitation-id=invitation_ID

Example for a directory-based installation:

  • install-securecircle.py --ignore-num-circles --schost=abc1d2e345.us2.saas.securecircle.com --check-driver-version=2.14.4.1234 static-invitation --invitation-id=ebd65047d3ef421fbb6325d3121c50ba

  • Note: invitation-id=ebd65047d3ef421fbb6325d3121c50ba is the default Invitation ID for directory-based (as opposed to Email-based) installations.

After installation is complete, SecureCircle will provide Circle access based on the user's Active Directory Security Group membership and the relevant Directory policies applied within the SecureCircle Admin Portal.

Note: Devices running macOS Big Sur will require a reboot after successfully installing SecureCircle.


Was this article helpful?