Jamf Nation Community

binjali · ‎07-27-2022

We use Okta as our main identity provider, and I'd like to leverage that alongside Jamf Connect to get Zero-touch working in my environment. is there any advice for disabling Nomad and getting Okta and JC working nicely together?

Hugonaut · ‎07-28-2022

@binjali

I've had great success via the following process,

Step 1. Create a Smart Computer Group for computers you want to target.

Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.

Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to / Scope to Smart Computer Group from Step 1.

#!/bin/bash

: HEADER = <<'EOL'

██████╗  ██████╗  ██████╗██╗  ██╗███████╗████████╗███╗   ███╗ █████╗ ███╗   ██╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗  ██║
██████╔╝██║   ██║██║     █████╔╝ █████╗     ██║   ██╔████╔██║███████║██╔██╗ ██║
██╔══██╗██║   ██║██║     ██╔═██╗ ██╔══╝     ██║   ██║╚██╔╝██║██╔══██║██║╚██╗██║
██║  ██║╚██████╔╝╚██████╗██║  ██╗███████╗   ██║   ██║ ╚═╝ ██║██║  ██║██║ ╚████║
╚═╝  ╚═╝ ╚═════╝  ╚═════╝╚═╝  ╚═╝╚══════╝   ╚═╝   ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝

        Name: Remove Nomad
 Description: Unloads launchagent tasks and deletes all NoMAD related files
  Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username)


EOL

##########
##########################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#	removeNomad.sh -- Removes all NoMAD components from computer
#
# SYNOPSIS
#	sudo removeNomad.sh
#	sudo removeNomad.sh <mountPoint> <computerName> <currentUsername> 
#
# DESCRIPTION
#	
#	Unloads launchagent tasks and deletes all NoMAD related files
#
####################################################################################################

## Get the current user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"`

# unload LaunchAgent
launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist
launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"

# Kill NoMAD process
pkill NoMAD

# Reset Login Window
/usr/local/bin/authchanger -reset

# Remove Files
sudo rm -rf "/Applications/NoMAD.app"
sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"

# Let it ride?
#exit 0

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

View solution in original post

mickgrant · ‎07-27-2022

Have a look at this post from the Jamf Blog.
https://www.jamf.com/blog/migrating-from-nomad-to-jamf-connect/

Hugonaut · ‎07-28-2022

@binjali

I've had great success via the following process,

Step 1. Create a Smart Computer Group for computers you want to target.

Step 2. Create the Configuration Profile for Jamf Connect & Scope to Smart Computer Group from Step 1.

Step 3. Create Policy, Add Script Detailed below to Remove NoMad set to run "Before" & Add Jamf Connect Package. Deploy to / Scope to Smart Computer Group from Step 1.

#!/bin/bash

: HEADER = <<'EOL'

██████╗  ██████╗  ██████╗██╗  ██╗███████╗████████╗███╗   ███╗ █████╗ ███╗   ██╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝╚══██╔══╝████╗ ████║██╔══██╗████╗  ██║
██████╔╝██║   ██║██║     █████╔╝ █████╗     ██║   ██╔████╔██║███████║██╔██╗ ██║
██╔══██╗██║   ██║██║     ██╔═██╗ ██╔══╝     ██║   ██║╚██╔╝██║██╔══██║██║╚██╗██║
██║  ██║╚██████╔╝╚██████╗██║  ██╗███████╗   ██║   ██║ ╚═╝ ██║██║  ██║██║ ╚████║
╚═╝  ╚═╝ ╚═════╝  ╚═════╝╚═╝  ╚═╝╚══════╝   ╚═╝   ╚═╝     ╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝

        Name: Remove Nomad
 Description: Unloads launchagent tasks and deletes all NoMAD related files
  Parameters: $1-$3 - Reserved by Jamf (Mount Point, Computer Name, Username)


EOL

##########
##########################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#	removeNomad.sh -- Removes all NoMAD components from computer
#
# SYNOPSIS
#	sudo removeNomad.sh
#	sudo removeNomad.sh <mountPoint> <computerName> <currentUsername> 
#
# DESCRIPTION
#	
#	Unloads launchagent tasks and deletes all NoMAD related files
#
####################################################################################################

## Get the current user
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk "{ print $3 }"`

# unload LaunchAgent
launchctl unload /Library/LaunchAgents/com.trusourcelabs.NoMAD.plist
launchctl unload "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"

# Kill NoMAD process
pkill NoMAD

# Reset Login Window
/usr/local/bin/authchanger -reset

# Remove Files
sudo rm -rf "/Applications/NoMAD.app"
sudo rm -rf "/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"
sudo rm -rf "/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist"

# Let it ride?
#exit 0

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

dvasquez · ‎07-28-2022

Mean for Binjali...

binjali · ‎08-12-2022

you mentioned creating the configuration profile for Jamf connect? what needs to go into it?

binjali · ‎08-19-2022

Just wondering, is there a version of this script that targets NoMAD Pro? this one works great, but it leaves Pro still on the machines that had both installed. (please don't ask me why both were pushed out; i just got here)

dvasquez · ‎07-28-2022

Ensure your end-user accounts are not mobile accounts. Then remove nomad then install and use the configuration you want and install Jamf Connect. The script below looks to be getting the job done but always test!

choudhary · ‎08-19-2024

This script is removing the Nomad, but messed up with jamf login. when I deploy this script, it deletes the nomad and when user log in again, it doesn't go to the Okta user login page instead it goes to normal login. In order to make the jamf connect login page I need to redeploy the jamf connect package, is there any document or script which separately removes the Nomad and doesn't interrupt the jamf connect package? actually we deployed the jamf connect already in our environment and now we want to remove the Nomad, its not best practice but we did it:).

dvasquez · ‎08-20-2024

I would try this:

authchanger -reset

Then logout.

choudhary · ‎08-20-2024

It’s already there in @Hugonaut script

Jamf Nation Community

Tips for swtiching off Nomad for Jamf Connect and Okta