We use Okta as our main identity provider, and I'd like to leverage that alongside Jamf Connect to get Zero-touch working in my environment. is there any advice for disabling Nomad and getting Okta and JC working nicely together?
Page 1 / 1
Have a look at this post from the Jamf Blog.
https://www.jamf.com/blog/migrating-from-nomad-to-jamf-connect/
I've had great success via the following process,
Step 1. Create a Smart Computer Group for computers you want to target.
Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.
Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to / Scope to Smart Computer Group from Step 1.
#!/bin/bash
: HEADER = <<'EOL'
██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║
██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║
██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║
██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║
╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝
Name: Remove Nomad
Description: Unloads launchagent tasks and deletes all NoMAD related files
Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username)
EOL
##########
##########################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# removeNomad.sh -- Removes all NoMAD components from computer
#
# SYNOPSIS
# sudo removeNomad.sh
# sudo removeNomad.sh <mountPoint> <computerName> <currentUsername>
#
# DESCRIPTION
#
# Unloads launchagent tasks and deletes all NoMAD related files
#
####################################################################################################
## Get the current user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"`
# unload LaunchAgent
launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist
launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Kill NoMAD process
pkill NoMAD
# Reset Login Window
/usr/local/bin/authchanger -reset
# Remove Files
sudo rm -rf "/Applications/NoMAD.app"
sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Let it ride?
#exit 0
I've had great success via the following process,
Step 1. Create a Smart Computer Group for computers you want to target.
Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.
Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to / Scope to Smart Computer Group from Step 1.
#!/bin/bash
: HEADER = <<'EOL'
██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║
██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║
██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║
██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║
╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝
Name: Remove Nomad
Description: Unloads launchagent tasks and deletes all NoMAD related files
Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username)
EOL
##########
##########################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# removeNomad.sh -- Removes all NoMAD components from computer
#
# SYNOPSIS
# sudo removeNomad.sh
# sudo removeNomad.sh <mountPoint> <computerName> <currentUsername>
#
# DESCRIPTION
#
# Unloads launchagent tasks and deletes all NoMAD related files
#
####################################################################################################
## Get the current user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"`
# unload LaunchAgent
launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist
launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Kill NoMAD process
pkill NoMAD
# Reset Login Window
/usr/local/bin/authchanger -reset
# Remove Files
sudo rm -rf "/Applications/NoMAD.app"
sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Let it ride?
#exit 0Mean for Binjali...
Ensure your end-user accounts are not mobile accounts. Then remove nomad then install and use the configuration you want and install Jamf Connect. The script below looks to be getting the job done but always test!
I've had great success via the following process,
Step 1. Create a Smart Computer Group for computers you want to target.
Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.
Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to / Scope to Smart Computer Group from Step 1.
#!/bin/bash
: HEADER = <<'EOL'
██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║
██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║
██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║
██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║
╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝
Name: Remove Nomad
Description: Unloads launchagent tasks and deletes all NoMAD related files
Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username)
EOL
##########
##########################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# removeNomad.sh -- Removes all NoMAD components from computer
#
# SYNOPSIS
# sudo removeNomad.sh
# sudo removeNomad.sh <mountPoint> <computerName> <currentUsername>
#
# DESCRIPTION
#
# Unloads launchagent tasks and deletes all NoMAD related files
#
####################################################################################################
## Get the current user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"`
# unload LaunchAgent
launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist
launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Kill NoMAD process
pkill NoMAD
# Reset Login Window
/usr/local/bin/authchanger -reset
# Remove Files
sudo rm -rf "/Applications/NoMAD.app"
sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Let it ride?
#exit 0you mentioned creating the configuration profile for Jamf connect? what needs to go into it?
I've had great success via the following process,
Step 1. Create a Smart Computer Group for computers you want to target.
Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.
Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to / Scope to Smart Computer Group from Step 1.
#!/bin/bash
: HEADER = <<'EOL'
██████╗ ██████╗ ██████╗██╗ ██╗███████╗████████╗███╗ ███╗ █████╗ ███╗ ██╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗ ██║
██████╔╝██║ ██║██║ █████╔╝ █████╗ ██║ ██╔████╔██║███████║██╔██╗ ██║
██╔══██╗██║ ██║██║ ██╔═██╗ ██╔══╝ ██║ ██║╚██╔╝██║██╔══██║██║╚██╗██║
██║ ██║╚██████╔╝╚██████╗██║ ██╗███████╗ ██║ ██║ ╚═╝ ██║██║ ██║██║ ╚████║
╚═╝ ╚═╝ ╚═════╝ ╚═════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝
Name: Remove Nomad
Description: Unloads launchagent tasks and deletes all NoMAD related files
Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username)
EOL
##########
##########################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
# removeNomad.sh -- Removes all NoMAD components from computer
#
# SYNOPSIS
# sudo removeNomad.sh
# sudo removeNomad.sh <mountPoint> <computerName> <currentUsername>
#
# DESCRIPTION
#
# Unloads launchagent tasks and deletes all NoMAD related files
#
####################################################################################################
## Get the current user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"`
# unload LaunchAgent
launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist
launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Kill NoMAD process
pkill NoMAD
# Reset Login Window
/usr/local/bin/authchanger -reset
# Remove Files
sudo rm -rf "/Applications/NoMAD.app"
sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
# Let it ride?
#exit 0Just wondering, is there a version of this script that targets NoMAD Pro? this one works great, but it leaves Pro still on the machines that had both installed. (please don't ask me why both were pushed out; i just got here)
This script is removing the Nomad, but messed up with jamf login. when I deploy this script, it deletes the nomad and when user log in again, it doesn't go to the Okta user login page instead it goes to normal login. In order to make the jamf connect login page I need to redeploy the jamf connect package, is there any document or script which separately removes the Nomad and doesn't interrupt the jamf connect package? actually we deployed the jamf connect already in our environment and now we want to remove the Nomad, its not best practice but we did it:).
This script is removing the Nomad, but messed up with jamf login. when I deploy this script, it deletes the nomad and when user log in again, it doesn't go to the Okta user login page instead it goes to normal login. In order to make the jamf connect login page I need to redeploy the jamf connect package, is there any document or script which separately removes the Nomad and doesn't interrupt the jamf connect package? actually we deployed the jamf connect already in our environment and now we want to remove the Nomad, its not best practice but we did it:).
I would try this:
authchanger -reset
Then logout.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.