All Collections
Agents
How to deploy Zluri Mac Agent through Jamf Pro
How to deploy Zluri Mac Agent through Jamf Pro

This article explains how to deploy Zluri Mac Agent through Jamf Pro

C
Written by Chinmay Panda
Updated this week

To deploy Mac Agent through JAMF, You need to have an active Jamf Integration. To integrate Jamf with Zluri, Please navigate to 'Sources->Integrations' to connect Jamf with Zluri. It takes 24-48 hours for the sync to complete. Once the first sync is complete you can proceed with the below steps.

Two Permissions Zluri agent requires:

  1. Screen Recording Permissions -- - THIS IS A NOT A MANDATORY PERMISSION
    For details on why you may consider giving this permission, click here.

    Please note that there are chances of end users being notified once Zluri is installed in their system, this notification is NOT under our control, entirely under the system's control and cannot be avoided.

Please follow the below steps in order to integrate the zluri scripts and .pkg to the Jamf Pro.

  1. Login to the jamfpro https://[instance].jamfcloud.com/

  2. Visit 'Settings' at bottom right corner, Search 'Category' in the search box and Create a new category, name such as zluri-orgname. You can follow the steps here to create a category.

  3. Create a new policy. You can follow the documentation here to create a policy.

  4. Download the package from this link and Upload the package in Jamf. You can follow the documentation here to upload the package.

    1. Under 'Computer Management', Select package.

    2. Click + New

    3. Under Category, choose the category that was created in Step 2

    4. Under Filename, choose the .pkg and let it upload and click Save.

  5. Now, to add the scripts, follow the Jamf pro documentation:

    1. Ensure that you name the preinstall script “preinstall” and paste the script’s contents into the scripts area.

      1. ZLURI_PERMISSION=$(sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "SELECT COUNT(*) FROM access WHERE service='kTCCServiceScreenCapture' AND client='com.zluri' AND auth_value=2;")
        if [[ "$ZLURI_PERMISSION" -gt 0 ]] then exit 0
        else echo "Permission is not there for Zluri" 
        fi
        exit 0

    2. Choose the Category as the category created

    3. Now, under Options, choose Priority as Before

    4. Now repeat the same steps for postinstall script

      1. UUID=$(system_profiler SPHardwareDataType | awk '/UUID/ { print $3; }')
        #assigning random org_token
        ORG_TOKEN=<org_token>  
        # assigning mdm type
        TYPE="jamf"

        open -a zluri.app --args --uuid="$UUID" --open -a zluri.app --args --uuid="$UUID" --org_token="$ORG_TOKEN" --mdm-mac-type="$TYPE" --silent_auth=on --screen_recording=on

        Replace the <org_token> with the token provided to you by the Zluri customer success team.


        NOTE: SCREEN RECORDING IS COMPLETELY OPTIONAL, if you do not want your organisation to share screen recording permissions, you can change the last line of script to:

        open -a zluri.app --args --uuid="$UUID" --org_token="$ORG_TOKEN" --mdm-mac-type="$TYPE" --silent_auth=on --screen_recording=off

        NOTE: Here is the last line we are configuring whether you want the warning to be shown to the user or not on the agnet UI, the process of giving the screen recording permission will require manual intervention if you decide on going ahead to give the permissions.

    5. Name the script as post install

    6. Choose the Priority under options pane as “After”.

    7. Save the settings.

  6. Now, Choose Policies from the left-menu, choose the Policy you created in Step 1

    1. Under Options, in Packages, Choose Distribution point as Cloud distribution point as shown in the screenshot above.

    2. Select the package that you uploaded in Step 4-d.

    3. Then, under the Scope pane, set All Computers under Target Computers and All Users under Target Users and Save.

    4. Again, go to Options under the Policies, Click on Scripts.

    5. Select preinstall script, set the priority to Before and for post install select After.

    6. And finally, in the General pane, Ensure to click the Enabled checkbox

    7. Enable the Recurring Check-in checkbox to ensure the policy runs every 15 mins

    8. Set the Execution Frequency to 'Once per computer'

  7. Now that you’ve performed all the steps properly, go to Policies from the left-sidebar menu;

Here, you’ll see an overview of the policy (here ZLURI DA MDM) and the scripts and .pkg in the right order to execute.

The above steps will ensure that the Policy runs on the targeted devices and runs the preinstall.

Please initiate RESTART in all the systems after install of the application.

After following the above steps, the policy is ready to install the Zluri app in the targeted devices.

Screen recording permissions are optional for the zluri agent,
click here to know why we need the screen recording permissions,

click here to know how to give the permissions.

Note: Please note that the updated logs of policy run in the targeted systems might be delayed.

Did this answer your question?