I saw a couple of articles online to install Cisco Secure Client via jamf. However it was mostly for VPN and umbrella and when taking dmg from xdr into composer it proved to be less then helpful. No matter what it did not like to be manipulated. I have created a deployment script using full installer dmg for anyone that runs into this who also is using Cisco XDR. I am open to suggestions on the script but this got the job done and cleanly. Make sure you setup a configuration profile for background processes.
First thing is go in to Cisco XDR download both Full installers for AMD and ARM. Then upload the DMG files in to Jamf
Next Create the Script using this bash script. It uses the jamf waitingroom cache applications.
#!/bin/bash
# Author: Ryan Tarson
# Cisco Secure Client DMG Installer Script for Jamf (Flexible for Both Architectures)
#
# This script installs Cisco Secure Client for macOS using a pre-deploy DMG that
# contains a single package:
# com.cisco.secureclient.cloudmanagement_bootstrap-signed.pkg
#
# Parameters:
# $4 = Example DMG file name for Intel (e.g., "csc-deploy-full-XDR Default Deployment for macOS - amd64.dmg")
# $5 = Example DMG file name for Apple Silicon (e.g., "csc-deploy-full-XDR Default Deployment for macOS - arm64.dmg")
# $6 = Mounted DMG volume name (e.g., "UniefiedConnector")
#
### Variables ###
arch=$(uname -m)
if [ "$arch" = "arm64" ]; then
dmgName="$5"
else
dmgName="$4"
fi
mountVolume="$6"
waitingRoomDMG="/Library/Application Support/JAMF/Waiting Room/$dmgName"
### Logging Function ###
log() {
jamf log "$1"
}
log "Starting Cisco Secure Client installation from DMG."
log "Detected architecture: $arch"
log "Using DMG: $waitingRoomDMG"
log "Expected mounted volume: $mountVolume"
### Mount the DMG ###
log "Mounting DMG: $waitingRoomDMG"
hdiutil attach "$waitingRoomDMG" -nobrowse
sleep 5
### Verify mount ###
if [ ! -d "/Volumes/$mountVolume" ]; then
log "Mount failed: /Volumes/$mountVolume not found."
exit 1
fi
### Locate the package ###
pkgPath="/Volumes/$mountVolume/com.cisco.secureclient.cloudmanagement_bootstrap-signed.pkg"
if [ ! -f "$pkgPath" ]; then
log "Package not found at expected path: $pkgPath"
hdiutil detach "/Volumes/$mountVolume" -quiet
exit 1
fi
log "Found package: $pkgPath"
### Install the package ###
log "Installing package..."
installer -pkg "$pkgPath" -target /
installStatus=$?
if [ $installStatus -eq 0 ]; then
log "Installation succeeded."
else
log "Installation failed with exit code $installStatus."
hdiutil detach "/Volumes/$mountVolume" -quiet
exit $installStatus
fi
### Unmount the DMG ###
log "Unmounting DMG..."
hdiutil detach "/Volumes/$mountVolume" -quiet
sleep 5
### Clean up the DMG file from the Waiting Room ###
rm "$waitingRoomDMG"
log "Removed DMG file from Waiting Room."
log "Cisco Secure Client installation completed successfully."
exit 0
Create a policy for the Cisco XDR installer and add the 2 dmgs to the packages and set them to cache
Then add the script to the policy and enter the information matching the dmg file name and the name of the mount.