Skip to main content

We use Okta as our main identity provider, and I'd like to leverage that alongside Jamf Connect to get Zero-touch working in my environment.  is there any advice for disabling Nomad and getting Okta and JC working nicely together?

Have a look at this post from the Jamf Blog.
https://www.jamf.com/blog/migrating-from-nomad-to-jamf-connect/


@binjali 

 

I've had great success via the following process,

 

Step 1. Create a Smart Computer Group for computers you want to target.

Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.

Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to /  Scope to Smart Computer Group from Step 1.

 

#!/bin/bash : HEADER = <<'EOL' ██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗ ██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║ ██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║ ██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║ ██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║ ╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ Name: Remove Nomad Description: Unloads launchagent tasks and deletes all NoMAD related files Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username) EOL ########## ########################################################################################## # # ABOUT THIS PROGRAM # # NAME # removeNomad.sh -- Removes all NoMAD components from computer # # SYNOPSIS # sudo removeNomad.sh # sudo removeNomad.sh <mountPoint> <computerName> <currentUsername> # # DESCRIPTION # # Unloads launchagent tasks and deletes all NoMAD related files # #################################################################################################### ## Get the current user loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"` # unload LaunchAgent launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Kill NoMAD process pkill NoMAD # Reset Login Window /usr/local/bin/authchanger -reset # Remove Files sudo rm -rf "/Applications/NoMAD.app" sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Let it ride? #exit 0

@binjali 

 

I've had great success via the following process,

 

Step 1. Create a Smart Computer Group for computers you want to target.

Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.

Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to /  Scope to Smart Computer Group from Step 1.

 

#!/bin/bash : HEADER = <<'EOL' ██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗ ██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║ ██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║ ██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║ ██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║ ╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ Name: Remove Nomad Description: Unloads launchagent tasks and deletes all NoMAD related files Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username) EOL ########## ########################################################################################## # # ABOUT THIS PROGRAM # # NAME # removeNomad.sh -- Removes all NoMAD components from computer # # SYNOPSIS # sudo removeNomad.sh # sudo removeNomad.sh <mountPoint> <computerName> <currentUsername> # # DESCRIPTION # # Unloads launchagent tasks and deletes all NoMAD related files # #################################################################################################### ## Get the current user loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"` # unload LaunchAgent launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Kill NoMAD process pkill NoMAD # Reset Login Window /usr/local/bin/authchanger -reset # Remove Files sudo rm -rf "/Applications/NoMAD.app" sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Let it ride? #exit 0

Mean for Binjali...

 


Ensure your end-user accounts are not mobile accounts. Then remove nomad then install and use the configuration you want and install Jamf Connect. The script below looks to be getting the job done but always test!


@binjali 

 

I've had great success via the following process,

 

Step 1. Create a Smart Computer Group for computers you want to target.

Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.

Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to /  Scope to Smart Computer Group from Step 1.

 

#!/bin/bash : HEADER = <<'EOL' ██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗ ██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║ ██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║ ██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║ ██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║ ╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ Name: Remove Nomad Description: Unloads launchagent tasks and deletes all NoMAD related files Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username) EOL ########## ########################################################################################## # # ABOUT THIS PROGRAM # # NAME # removeNomad.sh -- Removes all NoMAD components from computer # # SYNOPSIS # sudo removeNomad.sh # sudo removeNomad.sh <mountPoint> <computerName> <currentUsername> # # DESCRIPTION # # Unloads launchagent tasks and deletes all NoMAD related files # #################################################################################################### ## Get the current user loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"` # unload LaunchAgent launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Kill NoMAD process pkill NoMAD # Reset Login Window /usr/local/bin/authchanger -reset # Remove Files sudo rm -rf "/Applications/NoMAD.app" sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Let it ride? #exit 0

you mentioned creating the configuration profile for Jamf connect? what needs to go into it?


@binjali 

 

I've had great success via the following process,

 

Step 1. Create a Smart Computer Group for computers you want to target.

Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.

Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to /  Scope to Smart Computer Group from Step 1.

 

#!/bin/bash : HEADER = <<'EOL' ██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗ ██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║ ██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║ ██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║ ██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║ ╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝ Name: Remove Nomad Description: Unloads launchagent tasks and deletes all NoMAD related files Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username) EOL ########## ########################################################################################## # # ABOUT THIS PROGRAM # # NAME # removeNomad.sh -- Removes all NoMAD components from computer # # SYNOPSIS # sudo removeNomad.sh # sudo removeNomad.sh <mountPoint> <computerName> <currentUsername> # # DESCRIPTION # # Unloads launchagent tasks and deletes all NoMAD related files # #################################################################################################### ## Get the current user loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"` # unload LaunchAgent launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Kill NoMAD process pkill NoMAD # Reset Login Window /usr/local/bin/authchanger -reset # Remove Files sudo rm -rf "/Applications/NoMAD.app" sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist" # Let it ride? #exit 0

Just wondering, is there a version of this script that targets NoMAD Pro?  this one works great, but it leaves Pro still on the machines that had both installed. (please don't ask me why both were pushed out; i just got here)


This script is removing the Nomad, but messed up with jamf login. when I deploy this script, it deletes the nomad and when user log in again, it doesn't go to the Okta user login page instead it goes to normal login. In order to make the jamf connect login page I need to redeploy the jamf connect package, is there any document or script which separately removes the Nomad and doesn't interrupt the jamf connect package? actually we deployed the jamf connect already in our environment and now we want to remove the Nomad, its not best practice but we did it:). 


This script is removing the Nomad, but messed up with jamf login. when I deploy this script, it deletes the nomad and when user log in again, it doesn't go to the Okta user login page instead it goes to normal login. In order to make the jamf connect login page I need to redeploy the jamf connect package, is there any document or script which separately removes the Nomad and doesn't interrupt the jamf connect package? actually we deployed the jamf connect already in our environment and now we want to remove the Nomad, its not best practice but we did it:). 


I would try this:

authchanger -reset

Then logout.


I would try this:

authchanger -reset

Then logout.


It’s already there in @Hugonaut script