Posted on 07-26-2019 01:50 PM
We have signed on with ZScaler and they have provided and .app installer. I have used Composer to convert it to .pkg and uploaded it to our repository. When I setup a policy to install the app, I get a log that states it was successful but ZScaler app is not installed on the target machines. Has anyone else run into this issue and what did you do to get it resolved?
Thanks,
Wil
Posted on 09-13-2019 01:31 PM
Using Composer I put the Zscaler-osx-x.x.x-installer.app in the /Applications/Utilities folder then added a postinstall script that has
/bin/sh /Applications/Utilities/Zscaler-osx-1.5.1.5-installer.app/Contents/MacOS/installbuilder.sh
in it.
Posted on 01-07-2022 05:13 AM
Hi Travid, I also wanted to do in similar way but i am new this, I am not able create pkg file, Can you help me to do that?
Posted on 02-18-2022 11:19 AM
You'll need to download Jamf Pro and use the Jamf Composer tool to build the pkg file.
Posted on 09-13-2019 06:31 PM
I built Zscaler AutoPkg recipes. More information on how to use them to build a Zscaler installer package is available via the link below:
Posted on 04-22-2021 02:10 AM
I have a script for Zscaler download and install, it has space for variables to drop in your download link, but thats pretty trivial to get from your Zscaler admin portal. Its not totally automated, but its pretty quick to update the links etc. if anything changes.
#!/bin/zsh
## This will download the version of Zscaler specified in the URL and version name fields
# this will check for application signature, if invalid will remove the application and exit with error
## This uses variables in Jamf in order to easily deploy multiple version, or different enforcements/policys
## last updated by Harry Richman, december 2020
## version 1, revision 2 for Jamf
## Set variables
zip="zscaler.zip"
app="Zscaler"
## Check is Zscaler is installed or not and to show installed version if it is already
if [ ! -f "/Applications/$app.app/Contents/Info.plist" ] ; then
echo "`date` $app isn't installed"
else
## Get installed version from plist
installedVersion=$( defaults read "/Applications/$app/$app.app/Contents/Info.plist" CFBundleShortVersionString )
echo "`date` Installed version of $app is $installedVersion"
fi
## set $4 in jamf to be the version number downloading
echo "`date` Downloading $app $4"
## Download silently and allow redirects
## Set $5 in Jamf to be the download URL for the version desired
curl -L -s -o /tmp/$zip $5
echo "`date` Changing Directory"
## Change Directory
cd /private/tmp
echo "`date` Unzipping $zip"
## unzip zip into /private/tmp/
sudo unzip -q $zip
echo "`date` Remove zip file"
## delete the zip file
rm -rf /private/tmp/$zip
## Set installer name by searching
installer=$( ls | grep "Zscaler" )
echo "`date` installing Zscaler"
## Install using correct settings, set these all to variables in jamf
## $6 for cloudname
## $7 for policy token
## $8 for domain
sudo sh /tmp/$installer/Contents/MacOS/installbuilder.sh --cloudName $6 --policyToken $7 --strictEnforcement 1 --unattendedmodeui none --userDomain $8
sleep 10
echo "`date` moving Uninstaller"
## Move uninstaller to /var to hide from users
mkdir /var/Zscaler
mv /Applications/Zscaler/UninstallApplication.app /var/Zscaler/UninstallApplication.app
echo "`date` removing installer"
## Remove installer from /tmp
rm -rf $installer
echo "`date` $app version $4 installed"
# Set path to newly installed application
applicationPath="/Applications/$app/$app.app"
# Check signature of installed application to ensure trusted
appSignature=$( pkgutil --check-signature "$applicationPath" | grep "Status:" | sed 's/^[ ]*//;s/[ ]*$//' )
## echo "Application Signature $appSignature"
# if unstrusted and exit with error
# else, continue
if [[ $appSignature != *"signed by a certificate trusted"* ]]; then
echo "`date` $app is not trusted, reccomend removing $app"
exit 1
else
echo "`date` $app version $4 trusted, install succesful"
fi
exit 0
Posted on 09-09-2021 10:03 AM
Hi,
Where are you getting the download URL from? The Zscaler dashboard portal?
Posted on 09-09-2021 12:25 PM
I don’t have access to Zscaler to confirm fully. But it is in the admin portal. Then you head to what Zscaler call the Mobile admin. And then to the app download part. There you will find download links for the various agents.
Posted on 09-21-2022 12:46 PM
Thank you for the script. I have two questions:
Is $4 only the version number listed in the download URL and where do you find the policy token information for $7.
I like that your full script includes more cleanup including hiding the uninstaller.
Posted on 06-23-2021 09:10 AM
Thanks for the script! Works good!
Posted on 11-16-2021 07:45 AM
I am using you r script but I am getting errors like the parameters aren't being passed?
Script result: Mon Nov 15 18:06:21 EST 2021 Zscaler isn't installed
Mon Nov 15 18:06:21 EST 2021 Downloading Zscaler
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information
Mon Nov 15 18:06:21 EST 2021 Changing Directory
Mon Nov 15 18:06:21 EST 2021 Unzipping zscaler.zip
unzip: cannot find or open zscaler.zip, zscaler.zip.zip or zscaler.zip.ZIP.
Mon Nov 15 18:06:21 EST 2021 Remove zip file
Mon Nov 15 18:06:21 EST 2021 installing ZscalerError: There has been an error.
No value provided for option --userDomain
Use --help to get a list of valid options
Mon Nov 15 18:06:36 EST 2021 moving Uninstaller
mv: rename /Applications/Zscaler/UninstallApplication.app to /var/Zscaler/UninstallApplication.app: No such file or directory
Mon Nov 15 18:06:36 EST 2021 removing installer
Mon Nov 15 18:06:36 EST 2021 Zscaler version installed
Package does not exist: /Applications/Zscaler/Zscaler.app
Mon Nov 15 18:06:37 EST 2021 Zscaler is not trusted, reccomend removing Zscaler
Posted on 11-16-2021 08:07 AM
You need to put the $5 variable in Jamf which is the download URL from your Zscaler admin portal
there’s a few variables you need to fill in for the script to work, so be sure to work thru them to make sure you’re passing them all
Posted on 05-11-2022 05:46 AM
Helpful links from Zscaler on how to deploy.
Scripted deployment - https://community.zscaler.com/t/guide-zscaler-client-connector-deployment-with-jamf-pro-for-macos/16...
Deployment keys - https://help.zscaler.com/z-app/customizing-zscaler-app-install-options-macos
SSL Inspection - https://help.zscaler.com/zia/certificate-pinning-and-ssl-inspection
Posted on 09-13-2022 08:23 AM
Wow, nice of ZScaler to just take my script and remove my name
Posted on 09-13-2022 07:21 AM
This is what I do, and it works like a charm.
First Gather 2 or 3 key pieces of information from Zscaler
DOWNLOAD URL
From the Zscaler Internet Access Admin UI, select Policy from the left navigation bar and click on Zscaler Client Connector Portal in the Mobile section
Select Administration from the top navigation bar in the Zscaler Client Connector Portal and click on Client Connector App Store from the navigation bar on the left
Select the Personal Computer tab and select macOS from the list of Platforms
Zscaler Cloud name
If your organization is provisioned on more than one cloud, your users will normally be prompted to select the cloud to which their traffic will be sent during the enrollment process. To avoid this prompt, you can pre-configure the Zscaler Client Connector to automatically connect to the intended cloud automatically by using this installation option. To determine your cloud name, you can follow the directions in this article
PRIMARY AUTHENTICATION DOMAIN - OPTIONAL
This installation option allows users to skip the app enrollment page. If SSO is enabled for your organization, users are taken directly to your organization’s SSO login page. If you’ve integrated SSO with the app, users can also skip the SSO login page and are automatically enrolled with the Zscaler service and logged in. If your instance has multiple domains associated with it, use the primary domain for your instance.
SCRIPT
Use this script as directed and trigger it in a policy
ZScaler-Install/ZScaler-Install.sh at main · Headbolt/ZScaler-Install (github.com)
Thats it
Posted on 10-31-2022 08:05 AM
I have used below script and working but its asking user credential during installation. It should automatically log the user in as we have SSO enabled. Can somebody guide what i am missing here?
# This script will download the version of Zscaler specified in the Download URL
## last updated April 2022
## version 2, revision 1 for Jamf
## Parameters
# $4 = Download URL for Client Connector
# $5 = cloudName
# $6 = userDomain
## Set variables
certfile="/tmp/zscaler_root_cert.cer"
app="Zscaler"
## Download client zip archive to /tmp
curl -L -s -k -o /tmp/zscaler.zip $4 || { echo "`date` Download failed. Exiting" >&2; exit 1; }
cd /tmp
## unzip zip into /private/tmp/
sudo unzip -q zscaler.zip || { echo "`date` Cannot decompress dad archive. Exiting" >&2; exit 1; }
# Cleanup by removing downloaded archive
sudo rm -rf /tmp/zscaler.zip
# Get the installer string
binary=$(ls | grep "Zscaler-osx")
echo "`date` installing Zscaler"
# Execute the install script. Add additional install options if needed.
sudo sh /tmp/$binary/Contents/MacOS/installbuilder.sh --cloudName $5 --unattendedmodeui none \
--userDomain $6 --mode unattended || { echo "`date` Client Connector install failed. Exiting" >&2; exit 1; }
exit 0