Help

Netskope deployment failing due to template.plist not populating email in Managed Preferences.

user-CwXxaUuJBl
New Contributor

Posted on ‎06-29-2022 04:00 PM

Hello JAMF/Mac Admins, We are having a tough time with Netskope deployment. There is a template.plist which is deployed to Managed Preferences and should read and populate user's email based on string "$EMAIL". This is failing to happen due to which the next steps for JAMFScript and Netskope installer fail as well. 

We are using Netskope Non AD joined mode that leverage the JAMFScript to run before Installer - NSClient is run. 

Any help would be highly appreciate. 

Template.plist looks like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>email</key>
<string>$EMAIL</string>
</dict>
</plist>

------ When this is deployed, it comes down with any string present which should be user's email address read from JAMF. 

Thanks

Paul

0 Kudos
Reply
6 REPLIES 6

sdagley
Esteemed Contributor II

Posted on ‎06-29-2022 06:47 PM

@user-CwXxaUuJBl If you look at your LDAP Server configuration is the User Attribute Mapping for the Email Address set to the attribute in your LDAP/AD system that corresponds to the user's email address, or something else? The $EMAIL parameter in your Netskope Configuration Profile will use that data from the user's record, and if it does not match the email address that's been provided to Netskope then your enrollment will fail.

For my org we needed the UPN for the Email Address field, so to provide the user's email address for Netskope I had to define an LDAP Extension Attribute to extract that from the user's LDAP data, and instead of using $EMAIL in our Netskope Configuration Profile it is $EXTENSIONATTRIBUTE_XX (where XX is the ID number of the LDAP Extension Attribute)

0 Kudos
Reply

LavishCeramics
New Contributor

Posted on ‎06-29-2022 09:53 PM

It is a script that is failing and not an installer and I also work in myself or the server developer. I think the new script needs a profile to do well in calling

Best Regards,

 - https://www.lavishceramics.com

0 Kudos
Reply

AJPinto
Honored Contributor III

‎06-30-2022 05:05 AM - edited ‎06-30-2022 05:07 AM

We use netskope and are moving from domain to nondomain accounts. I REALLY dont like how netskope handles this. In anyevent, what is the error on the policy? The plist needs to be on the device BEFORE you run the netskope install policy or it will fail. Also make sure your policy parameters are correct, this is what got us in the beginning.

The Preference domain in the configuration profile, and the plist name in the policy need to match. 

AJPinto_0-1656590686791.png

 

AJPinto_1-1656590842287.png

 

 

0 Kudos
Reply

Tribruin
Valued Contributor II

Posted on ‎06-30-2022 06:10 AM

We are getting ready to pilot Netskope. I worked with a Netskope engineer to setup our Jamf deployment, same as yours, non-AD and using email. 


Have you confirmed your profile is actually on the computer? Do you see the plist in /LIbrary/Managed Preferences? Can you do a defaults read /Library/Managed\ Preferences/<<profilename>>.plist email and make sure the email is properly populated?

Also, double check your script arguments as @AJPinto posted above. 

0 Kudos
Reply

gachowski
Valued Contributor II

Posted on ‎06-30-2022 11:48 AM

Could it be that NS change the script and the pasted attributes for V90 installers and later ...  : ) addon-XXXXX.goskope.com and  Your Organization ID vs REST API token

https://docs.netskope.com/en/jamf.html

 

C

0 Kudos
Reply

MikeyK
New Contributor III

Posted on ‎06-30-2022 06:59 PM

We setup Netskope using peruserconfig + IPD on macos (not domain joined), which has made things a lot easier.
When the user logs in for the first time, Netskope launches our IDP window, user signs in and the netskope configurations are downloaded. 

I remember it being a nightmare before.





0 Kudos
Reply