- Jamf Nation Community
- Products
- Jamf School
- Re: Struggling with Accessibility permissions for ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Struggling with Accessibility permissions for Zoho Assist
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-01-2020 12:24 PM
I am struggling with providing Accessibility permissions to our managed devices from Jamf School. We keep our staff as local standard users on the Macbooks and have been creating PPPC profiles using the PPPC Utility to do this. It's worked well for most apps, however Zoho Assist is causing problems. The way the app works is that a URL is provided where a user can download a dmg with the app and a token for the session connection. Because the app isn't registered in Applications (and because my knowledge of MacOS is very much in its infancy), I can't create a PPPC profile with drag and drop using the utility.
I can attempt to allow the permission with a Privacy payload, but hit a sticking point with how to verify the Identifier and code requirement for the app. I ran osascript against the app in the downloaded dmg to get a bundleid of com.zoho.assist.Join, but am not sure how to populate the code requirement (does not appear to be required?)
What I see is that once the profile is applied, the app is not present in the Accessibility privacy allow list on the managed device. Zoho will still prompt for admin allow accessibility when a session is initiated and a dmg is downloaded for the session. I have seen conflicting information about whether a payload or PPPC deployed allowance will actually show up here though, so am confused about this as well.
Zoho provides a KB with a bash script and a mobileconfig, however using these resulted in the managed device getting to a point where, when running the downloaded dmg, the app hangs in a state "Please wait. Establishing Connection."
If anyone has any advice on how to get accessibility allowed for Zoho Assist with standard users on managed devices through Jamf School, or advice on how to troubleshoot my specific scenario, I would greatly appreciate the assist.
Labels:
- Labels:
-
Jamf School
-
PPPC
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 12-11-2020 04:10 PM
I had Zoho working fine for months, but something just changed. I'm still looking for an answer. I'll let you know if I find something...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2021 02:59 PM
@Phil.James just checking in on a few of these threads. I'm still not having consistent progress with Zoho Assist. It looks like maybe the specific join.dmg that runs now is a newer version, or maybe newer ID than what we had allowed previously. I've updated this in or PPPC for the app and gone through the KB from Zoho again with no luck. Possible you were able to find a reliable deployment that worked? Much appreciated!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-08-2021 10:43 AM
I've given up on deploying the dmg. Our team is sending out download links for all remote sessions.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-09-2021 09:43 AM
@Phil.James Thank you, doing the same now. Now we are working with an issue where, on an endpoint that's never run the joinzoho.dmg from download or another location before (no application support folder for zoho in the user's library), the session connects and runs without issue. On any subsequent attempted run, the user gets the pop up to join the session after running the dmg, but then it sits there at "establishing connection".
If I delete the Zoho Application Support folder for the user and run again, no issues on next run, then occurs again on subsequent run.
Stuck trying to find root cause, or script a removal of the user's app support folder for the app on logout maybe as a workaround. Thanks for getting back!
EDIT: FWIW, in case anybody else is looking, we worked around this by creating a new PPPC profile for Zoho using the PPPC utility. This resulted in Gatekeeper no longer prompting on dl of the file, but still would not run subsequent times after first, once Application Support folder for the app was created in the user library. The following was used to determine current logged in user, and delete the application support folder on login.
#!/bin/sh
loggedInUser=$( ioreg -n Root -d1 -a | xpath '/plist/dict/key[.="IOConsoleUsers"]/following-sibling::array/dict/key[.="kCGSSessionOnConsoleKey"]/following-sibling::*[1][name()="true"]/../key[.="kCGSSessionUserNameKey"]/following-sibling::string[1]/text()' 2>/dev/null )
#Directory
rm -r /Users/$loggedInUser/Library/Application Support/ZohoMeetingNativeThis provided a workaround for us for whatever the root cause is in why the app won't run on subsequent download and mount of the dmg.
