Help

SentinelOne Agent Installation

Go to solution
FueledbyCoffee
New Contributor

Posted on ‎01-10-2023 04:31 AM

Good afternoon JAMF Nation. Just want to get your professional guide/advice on how to install the SentinelOne agents in our MacOS devices using JAMF. I have the PKG file needed but when I tried installing it as normal, it failed. Looking for a friend, TIA!

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
AJPinto
Honored Contributor
In response to mdryer

Posted on ‎02-28-2023 01:12 PM

SentinelOnes Documentation covers this, you need to approve three items and give them SystemPolicyAllFiles access. I honestly recommend pinging SentinelOne as they have good documentation for macOS and even have JAMF specific documentation.

 

Below is what I use. I always hate when people copy paste screenshots with the code requirements I needed but you cant copy it. So I put the code requirement stuff in the code blocks. 

 

  • com.sentinelone.sentineld-shell

 

ID: com.sentinelone.sentineld-shell

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_0-1677618355074.png

 

  • com.sentinelone.sentineld-helper

 

ID: com.sentinelone.sentineld-helper

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_1-1677618370657.png

 

  • com.sentinelone.sentineld

 

ID: com.sentinelone.sentineld

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_2-1677618378724.png

 

View solution in original post

5 REPLIES 5

Go to solution
AJPinto
Honored Contributor

Posted on ‎01-10-2023 05:12 AM

Sent1 has really good documentation for macOS and JAMF, reach out to your Sent1 rep and they should be able to get you going. 

 

A quick over view. Sent1's package needs to be cached, and run with a script. The script contains the token sent1 needs to install. In the policy, cache the package, and run the script with a priority "after".

#!/bin/bash
sudo echo "$4" > /Library/Application\ Support/JAMF/Waiting\ Room/com.sentinelone.registration-token 
sudo /usr/sbin/installer -pkg "/Library/Application Support/JAMF/Waiting Room/$5" -target /

$4 is the token

$5 is the package name

Go to solution
mdryer
New Contributor II
In response to AJPinto

Posted on ‎02-28-2023 12:53 PM

Works like a charm.

0 Kudos

Go to solution
mdryer
New Contributor II

‎02-28-2023 12:49 PM - edited ‎02-28-2023 12:52 PM

@AJPinto What are you doing to ensure full disk access / all other approvals?
We are using the PPPC tool, but it seems like there may still be some that are not approved by that.

0 Kudos

Go to solution
AJPinto
Honored Contributor
In response to mdryer

Posted on ‎02-28-2023 01:12 PM

SentinelOnes Documentation covers this, you need to approve three items and give them SystemPolicyAllFiles access. I honestly recommend pinging SentinelOne as they have good documentation for macOS and even have JAMF specific documentation.

 

Below is what I use. I always hate when people copy paste screenshots with the code requirements I needed but you cant copy it. So I put the code requirement stuff in the code blocks. 

 

  • com.sentinelone.sentineld-shell

 

ID: com.sentinelone.sentineld-shell

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_0-1677618355074.png

 

  • com.sentinelone.sentineld-helper

 

ID: com.sentinelone.sentineld-helper

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_1-1677618370657.png

 

  • com.sentinelone.sentineld

 

ID: com.sentinelone.sentineld

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_2-1677618378724.png

 

Go to solution
mdryer
New Contributor II

Posted on ‎03-06-2023 01:18 PM

Here is SentinelOne's official documentation. 
If you follow all the steps, you will be able to install and configure everything without having end users have to approve anything.

https://usea1-012.sentinelone.net/docs/en/installing-and-upgrading-macos-kextless-agents-with-jamf.h...

0 Kudos