ZScaler App Deployment

will_pitre
New Contributor

We have signed on with ZScaler and they have provided and .app installer. I have used Composer to convert it to .pkg and uploaded it to our repository. When I setup a policy to install the app, I get a log that states it was successful but ZScaler app is not installed on the target machines. Has anyone else run into this issue and what did you do to get it resolved?

Thanks,
Wil

14 REPLIES 14

Travid
New Contributor II

Using Composer I put the Zscaler-osx-x.x.x-installer.app in the /Applications/Utilities folder then added a postinstall script that has

/bin/sh /Applications/Utilities/Zscaler-osx-1.5.1.5-installer.app/Contents/MacOS/installbuilder.sh

in it.
46e239b634ed4736882e15707bc2b2a5

Hi Travid, I also wanted to do in similar way but i am new this, I am not able create pkg file, Can you help me to do that?

 

Travid
New Contributor II

You'll need to download Jamf Pro and use the Jamf Composer tool to build the pkg file.

rtrouton
Valued Contributor III

I built Zscaler AutoPkg recipes. More information on how to use them to build a Zscaler installer package is available via the link below:

https://derflounder.wordpress.com/2019/07/26/building-customized-postinstall-scripts-for-autopkg-rec...

aharonrichman
New Contributor II

I have a script for Zscaler download and install, it has space for variables to drop in your download link, but thats pretty trivial to get from your Zscaler admin portal. Its not totally automated, but its pretty quick to update the links etc. if anything changes.

#!/bin/zsh

## This will download the version of Zscaler specified in the URL and version name fields
# this will check for application signature, if invalid will remove the application and exit with error 
## This uses variables in Jamf in order to easily deploy multiple version, or different enforcements/policys

## last updated by Harry Richman, december 2020
## version 1, revision 2 for Jamf

## Set variables
zip="zscaler.zip"
app="Zscaler"


## Check is Zscaler is installed or not and to show installed version if it is already
    if [ ! -f "/Applications/$app.app/Contents/Info.plist" ] ; then
            echo "`date` $app isn't installed"
    else

    ## Get installed version from plist
        installedVersion=$( defaults read "/Applications/$app/$app.app/Contents/Info.plist" CFBundleShortVersionString )

        echo "`date` Installed version of $app is $installedVersion"
    fi

## set $4 in jamf to be the version number downloading
echo "`date` Downloading $app $4"
## Download silently and allow redirects
## Set $5 in Jamf to be the download URL for the version desired
curl -L -s -o  /tmp/$zip $5

echo "`date` Changing Directory"
## Change Directory
cd /private/tmp

echo "`date` Unzipping $zip"
## unzip zip into /private/tmp/
sudo unzip -q $zip

echo "`date` Remove zip file"
## delete the zip file
rm -rf /private/tmp/$zip

## Set installer name by searching 
installer=$( ls | grep "Zscaler" )

echo "`date` installing Zscaler"
## Install using correct settings, set these all to variables in jamf
## $6 for cloudname
## $7 for policy token
## $8 for domain
sudo sh /tmp/$installer/Contents/MacOS/installbuilder.sh --cloudName $6  --policyToken $7  --strictEnforcement 1 --unattendedmodeui none --userDomain $8

sleep 10

echo "`date` moving Uninstaller" 
## Move uninstaller to /var to hide from users
mkdir /var/Zscaler
mv /Applications/Zscaler/UninstallApplication.app /var/Zscaler/UninstallApplication.app

echo "`date` removing installer"
## Remove installer from /tmp
rm -rf $installer

echo "`date` $app version $4 installed"

# Set path to newly installed application
applicationPath="/Applications/$app/$app.app"

# Check signature of installed application to ensure trusted
appSignature=$( pkgutil --check-signature "$applicationPath" | grep "Status:" | sed 's/^[ 	]*//;s/[ 	]*$//' )
## echo "Application Signature $appSignature"

# if unstrusted and exit with error
# else, continue
            if [[ $appSignature != *"signed by a certificate trusted"* ]]; then
                    echo "`date` $app is not trusted, reccomend removing $app"
                    exit 1
                else
                    echo "`date` $app version $4 trusted, install succesful"
            fi

exit 0

Hi,

Where are you getting the download URL from? The Zscaler dashboard portal? 

I don’t have access to Zscaler to confirm fully. But it is in the admin portal. Then you head to what Zscaler call the Mobile admin. And then to the app download part. There you will find download links for the various agents. 

Thank you for the script. I have two questions:

Is $4 only the version number listed in the download URL and where do you find the policy token information for $7.

I like that your full script includes more cleanup including hiding the uninstaller.

Frank_Sonder
New Contributor III

Thanks for the script! Works good!

Coltrane
New Contributor II

I am using you r script but I am getting errors like the parameters aren't being passed?  


Script result: Mon Nov 15 18:06:21 EST 2021 Zscaler isn't installed
Mon Nov 15 18:06:21 EST 2021 Downloading Zscaler
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information
Mon Nov 15 18:06:21 EST 2021 Changing Directory
Mon Nov 15 18:06:21 EST 2021 Unzipping zscaler.zip
unzip: cannot find or open zscaler.zip, zscaler.zip.zip or zscaler.zip.ZIP.
Mon Nov 15 18:06:21 EST 2021 Remove zip file
Mon Nov 15 18:06:21 EST 2021 installing Zscaler

Error: There has been an error.
No value provided for option --userDomain
Use --help to get a list of valid options
Mon Nov 15 18:06:36 EST 2021 moving Uninstaller
mv: rename /Applications/Zscaler/UninstallApplication.app to /var/Zscaler/UninstallApplication.app: No such file or directory
Mon Nov 15 18:06:36 EST 2021 removing installer
Mon Nov 15 18:06:36 EST 2021 Zscaler version installed
Package does not exist: /Applications/Zscaler/Zscaler.app
Mon Nov 15 18:06:37 EST 2021 Zscaler is not trusted, reccomend removing Zscaler

You need to put the $5 variable in Jamf which is the download URL from your Zscaler admin portal 


there’s a few variables you need to fill in for the script to work, so be sure to work thru them to make sure you’re passing them all

swolosin
New Contributor III

Wow, nice of ZScaler to just take my script and remove my name

Headbolt
New Contributor II

This is what I do, and it works like a charm.

First Gather 2 or 3 key pieces of information from Zscaler

DOWNLOAD URL

  1. From the Zscaler Internet Access Admin UI, select Policy from the left navigation bar and click on Zscaler Client Connector Portal in the Mobile section

  2. Select Administration from the top navigation bar in the Zscaler Client Connector Portal and click on Client Connector App Store from the navigation bar on the left

  3. Select the Personal Computer tab and select macOS from the list of Platforms

  4. Right-click on the Download Link icon and copy the download link address. You don’t need to download the actual installer, just the download link address.

Zscaler Cloud name

If your organization is provisioned on more than one cloud, your users will normally be prompted to select the cloud to which their traffic will be sent during the enrollment process. To avoid this prompt, you can pre-configure the Zscaler Client Connector to automatically connect to the intended cloud automatically by using this installation option. To determine your cloud name, you can follow the directions in this article

 

PRIMARY AUTHENTICATION DOMAIN - OPTIONAL

This installation option allows users to skip the app enrollment page. If SSO is enabled for your organization, users are taken directly to your organization’s SSO login page. If you’ve integrated SSO with the app, users can also skip the SSO login page and are automatically enrolled with the Zscaler service and logged in. If your instance has multiple domains associated with it, use the primary domain for your instance.

 

SCRIPT

Use this script as directed and trigger it in a policy

ZScaler-Install/ZScaler-Install.sh at main · Headbolt/ZScaler-Install (github.com)

 

Thats it