We are currently deploying the Symantec Cloudsoc Agent via JAMF Apple Device Management.
I'm able to deploy Symantec Cloudsoc agent via jamf. The issue I'm having is with completely automating the Cloudsoc agent installation.
When deploying the Reach Agent to macOS systems with (MDM) profiles I created a payload for Kernel Extensions. As per the documentation This Enabled “Allow User Override” to allow users to approve kernel extensions. The problem I’m having now is automating the authentication part. We don’t want users to have to click on the Reach agent icon to authenticate. Instead, we want the option of automatically launching the default browser to initiate user authentication with CloudSoC.
On Mac, it says to give the ShowAuthPopup key a string value of 0 in the ReachAgentConfig.plist file at the following location:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>ShowAuthPopup</key> <string>0</string> <key>APIServer</key> <string>api-vip.elastica.net</string> <key>ENSServer</key> <string>ens.elastica.net:443</string> <key>Gateway</key> <string>gw.elastica.net</string> <key>UIServer</key> <string>app.elastica.net</string> </dict> </plist>
The issue is this location isn’t created until after the application is installed on the Machine. I’ve tried doing a “default writes” command:
defaults write /Library/Application Support/ReachAgent.app/Contents/Resources/ReachAgentConfig.plist
via a script deployed through Jamf to run after the application has been installed. When this script is used it deploys the application but doesn’t run it. I’ve also tried deploying a configuration file via Jamf with the same configurations for the ReachAgentConfig.plist pre application installment and that also didn’t work.
At this point we would like to confirm when the documentation says “Automatically opening the default browser for authentication” does this mean that once the application is installed would it automatically launch a default browser to initiate user authentication? And if so, we have SSO set up for Cloudsoc user authentication so the user will be automatically authenticated. I would like to eliminate any manually process the user would have to do for this installation and remove the possibility of users not completely installing agents on machines.