Netskope deployment failing due to template.plist not populating email in Managed Preferences.

user-CwXxaUuJBl
New Contributor

Hello JAMF/Mac Admins, We are having a tough time with Netskope deployment. There is a template.plist which is deployed to Managed Preferences and should read and populate user's email based on string "$EMAIL". This is failing to happen due to which the next steps for JAMFScript and Netskope installer fail as well. 

We are using Netskope Non AD joined mode that leverage the JAMFScript to run before Installer - NSClient is run. 

Any help would be highly appreciate. 

Template.plist looks like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>email</key>
<string>$EMAIL</string>
</dict>
</plist>

------ When this is deployed, it comes down with any string present which should be user's email address read from JAMF. 

Thanks

Paul

6 REPLIES 6

sdagley
Honored Contributor III

@user-CwXxaUuJBl If you look at your LDAP Server configuration is the User Attribute Mapping for the Email Address set to the attribute in your LDAP/AD system that corresponds to the user's email address, or something else? The $EMAIL parameter in your Netskope Configuration Profile will use that data from the user's record, and if it does not match the email address that's been provided to Netskope then your enrollment will fail.

For my org we needed the UPN for the Email Address field, so to provide the user's email address for Netskope I had to define an LDAP Extension Attribute to extract that from the user's LDAP data, and instead of using $EMAIL in our Netskope Configuration Profile it is $EXTENSIONATTRIBUTE_XX (where XX is the ID number of the LDAP Extension Attribute)

LavishCeramics
New Contributor

It is a script that is failing and not an installer and I also work in myself or the server developer. I think the new script needs a profile to do well in calling

Best Regards,

 - https://www.lavishceramics.com

AJPinto
Valued Contributor

We use netskope and are moving from domain to nondomain accounts. I REALLY dont like how netskope handles this. In anyevent, what is the error on the policy? The plist needs to be on the device BEFORE you run the netskope install policy or it will fail. Also make sure your policy parameters are correct, this is what got us in the beginning.

The Preference domain in the configuration profile, and the plist name in the policy need to match. 

AJPinto_0-1656590686791.png

 

AJPinto_1-1656590842287.png

 

 

Tribruin
Valued Contributor
Valued Contributor

We are getting ready to pilot Netskope. I worked with a Netskope engineer to setup our Jamf deployment, same as yours, non-AD and using email. 


Have you confirmed your profile is actually on the computer? Do you see the plist in /LIbrary/Managed Preferences? Can you do a defaults read /Library/Managed\ Preferences/<<profilename>>.plist email and make sure the email is properly populated?

Also, double check your script arguments as @AJPinto posted above. 

gachowski
Valued Contributor II

Could it be that NS change the script and the pasted attributes for V90 installers and later ...  : ) addon-XXXXX.goskope.com and  Your Organization ID vs REST API token

https://docs.netskope.com/en/jamf.html

 

C

MikeyK
New Contributor II

We setup Netskope using peruserconfig + IPD on macos (not domain joined), which has made things a lot easier.
When the user logs in for the first time, Netskope launches our IDP window, user signs in and the netskope configurations are downloaded. 

I remember it being a nightmare before.