JAMF: Configuring Agent
  • 08 Jan 2021
  • 3 Minutes To Read
  • Print
  • Share
  • Dark
    Light

JAMF: Configuring Agent

  • Print
  • Share
  • Dark
    Light

This guide will highlight key SecureCircle Agent configuration details in JAMF in order to achieve a successful deployment. After following this guide, the administrator will be be able to:

  • Ensure that the SecureCircle Kernel Extension is trusted
  • File access configured for the SecureCircle Agent
  • Identify devices that have (and don’t have) the SecureCircle Agent installed
    • NOTE: This guide assumes the SecureCircle package has already been uploaded to Jamf and a base deployment policy is configured.

JAMF deployment script

From within JAMF go to Management Settings → Scripts → New

  • Provide a Display Name (e.g. Install SecureCircle)
  • script tab select from the provided script examples below.

Mac Active Directory Joined deployment script example:

curl -o fhfs.pkg  https://SERVER_ID/download/mac/fhfs.pkg
curl -o bundle.tar.gz "https://$SERVER_ID/download/mac/resources/bundle.dat"
mkdir -p "/private/var/tmp/fhfs"
tar -xzf bundle.tar.gz -C "/private/var/tmp/fhfs"
sudo installer -verboseR -pkg fhfs.pkg -target / 

Email based agent deployment script example:

If using the email based agent add the following parameters to your JAMF script

  • options tab
    • parameter 4: jssUser
    • parameter 5: jssPass
    • parameter 6: jssHost
    • parameter 7: secureCircleHost
    • parameter 8: apiKey
    • parameter 9: circleId

securecircle_enroll.sh

Apply Installation Script

Navigate to Policies → New

  • Click on Scripts → Configure

  • Click “Add” for the script created in the previous section (e.g. Installl SecureCircle)

  • Enter your parameter values.

    • jssUser - JAMF administrative user account with read only access
    • jssPass - password for above account
    • jssHost - JAMF server URL (do not include https://)
    • secureCircleHost - SecureCircle server URL (do not include https://)
    • apiKey - SecureCircle API Key for Administrator that can invite and confirm users
    • circleId - SecureCircle CircleID to be used for initial invitation
  • Scope

    • Assign to target computers
  • Options → Maintenannce

    • Enable “Update Inventory”

Configure JAMF

  1. Create a new Configuration Profile (Kernel Extension)
  • In the JAMF console, under Content Management, select Configuration Profiles and select New
  • Under Options, in the General section, name your profile and provide a description (Identify this as the Kernel Extension approval profile)

Example
jamf1.png

  • Under Options, scroll down and select System Extensions. Provide a name and Team Identifier (see below) used by SecureCircle.
    • Use the following Team Identifier (SecureCircle_kernel_extension_id) - 7BQ8CB8A73

Example
jamf2.png

  • Select Scope, chose your target computers, and select Save.

Example
jamf3.png

  • Upload Configuration Profile (SecureCircle, fhagent preferences)
Information

You can use the SecureCircle Agent.mobileconfig attached to this article or generate your own.

Note

Ensure you have the SecureCircle Agent installed on the device being used for this step

  • Download, extract and run the PPPC-Utility: https://github.com/jamf/PPPC-Utility/releases

  • Once the PPPC-Utility is running, select + (to add to list) and add the following two items

    • SecureCircle
      • By default, found in /Applications/SecureCircle
    • fhagent
      • By default, found in /usr/local/fhfs/bin/fhagent
    • fhtools (Only required if users will run fhtools commands)
      • By default, found in /usr/local/fhfs/bin/fhtools
  • Ensure All Files access has been toggled to Allow, for both applications in PPPC-Utility and select Save

Example
jamf4.png

jamf5.png

  • In the JAMF console, under Content Management, select Configuration Profiles and select Upload
  • Select Scope, chose your deployment targets by clicking Add, and select Save.

Example
jamf6.png

Optional

If your Jamf configuration is set to deploy profiles, you may check if the profile has been deployed after this step.

  • On your macOS device, go to System Preferences and select Profiles
  • Find the SecureCircle profile and validate that fhagent (and fhtools, if selected above) have been allowed

jamf7.png

  • Identify Devices With/Without SecureCircle (using Smart Groups)
    • In the JAMF console, under Settings, select Management Settings
    • In the Computer Management section, chose Extension Attributes and select New
    • Fill in/select the following options, and select Save
      • Display Name/Description: Provide anything
      • Data Type: String
      • Input Type: Script (Shell)
      • Sample Script
#Check if SecureCircle Agent is present
if test -e '/usr/local/fhfs/bin/fhagent'; then
echo "<result>Installed</result>"
else 
echo "<result>Not Installed</result>"
fi

Exmaple
jamf8.png

    • In the JAMF console, under Groups, select Smart Computer Groups and chose New
    • Provide a Display Name to identify this group as “SecureCircle Installed” and select the Criteria tab
    • Select Add, and click on Show Advanced Criteria. Find SecureCircle in the list (created in Step 3 above)
    • Provide a Value of Installed (or whatever was used to identify the installation in the Step 3 script above)
    • Select Save, we now have a group identifying computers that have the SecureCircle Agent installed
    • Repeat steps above, providing a Value of Not Installed (for step g) to create a group of computers without the SecureCircle Agent

Example
jamf9.png

SecureCircle Agent.mobileconfig Download [fix link]

Was This Article Helpful?