Skip to content

Deployment via Jamf Pro

This guide will cover the necessary steps to deploy the SenseOn Universal Sensor to macOS devices using Jamf Pro.

⚠ Compatibility: Deployment is fully supported via Jamf Pro but is not currently compatible with Jamf Now.

Step 1: Enable Full Disk Access

The SenseOn Endpoint agent requires Full Disk Access to operate. To give the agent full disk access upload the following configuration profile to the Jamf management device.

  1. Download the file named: SEE-FDA.mobileconfig. Click here to download SEE-FDA.mobileconfig
  2. Login to Jamf Pro and navigate to: Computers > Configuration Profiles
  3. Click: Upload > Select the SEE-FDA file > Click: Upload
  4. Set the Scope according to your requirements (this can be set to ‘All Computers and All Users’ to deploy to every device managed by Jamf). Leave all other settings as Default

Jamf create package

Step 2: Setup the Distribution Point

If the Distribution Point is not yet configured follow these steps:

  1. Navigate to: Settings > Server Infrastructure > Cloud Distribution Point
  2. Select the dropdown for Content Delivery Network
  3. Choose Jamf Cloud
  4. Tick: 'Use as Principal Distribution Point'
  5. Click: Save

Step 3: Upload Package

Once the Distribution Point has been configured, add the package to Jamf pro using the following steps.

  1. Navigate to: Settings > Computer Management > Packages
  2. Click: New
  3. Click: Choose File and select the SenseOn Agent .pkg file. Note. If the choose file button is missing you need to complete Step 2: Setup the Distribution Point
  4. Click: Save

Jamf name package

Step 4: Setup Install Key Script

To place the install key in the correct location create a script which places the key in /tmp:

  1. Download the install key file from the SenseOn Platform: Settings > Endpoint Agent Software
  2. Open the key in a text editor and Copy the contents to the clipboard
  3. In Jamf, navigate to Settings > Computer Management > Scripts
  4. Click: New
  5. Give the script a name e.g. install key
  6. Click the Script tab

  7. Use the script below, pasting in the install key content where prompted

    cat > /tmp/senseon_install.txt << 'EOF'
<PASTE CONTENTS OF install_key.txt HERE>
EOF

  8. Click: Save

Jamf create install key

Step 5: Create a Policy

Once the package and install key is added to Jamf, create the policy to push the install key and package to the Jamf management device the next time it checks in.

📝 Note: Due to a quirk in the way Jamf applies policies, the script must also be configured to update the inventory of the Jamf management device.

  1. Navigate to: Computers > Policies
  2. Click: Add
  3. Give the Policy a suitable name e.g. SEE
  4. Tick the following boxes if they are not already: Enabled Recurring Check-In
  5. In Execution Frequency, select: 'Once per computer'
  6. Configure the scope according to your requirements by clicking on the Scope tab (This can be set to All Computers and All Users to deploy to every device managed by Jamf).
  7. Click: Options tab
  8. Add the Package to the profile:
    1. Select Packages
    2. Click: Configure
    3. Click: Add on SenseOn agent uploaded earlier
    4. In Distribution Point select: Cloud Distribution Point (this may differ if you have configured other distribution points) Set Action to: Install
  9. Add the install key script:
    1. Select: Scripts
    2. Click: Configure
    3. Click: Add on the install key script created earlier
    4. Set Priority to ‘Before’
  10. Add the Update Inventory Script:
    1. Select Maintenance
    2. Click: Configure
    3. Tick Update Inventory
  11. Click: Save
  12. Once the policy is saved it should look like the below screenshot:

Jamf package details

Step 6: Verify Rollout

Once the Policy has been saved it will start installing the Agent on Devices within scope when they next check in. To check which devices have had the policy applied follow these steps:

  1. Navigate to Computers > Policies
  2. Click on the policy created in the previous section
  3. Click Logs from the bottom right
  4. From here you can see each machine in scope and the status of the deployment.

📝 Note: Devices which have not checked in yet will show ‘Pending’ and devices that have will show ‘Completed’.

Jamf logs of deployment

❓ Need help: If the installation has not been successful please confirm that TLS interception is no taking place, if it is you will need to allow list *.snson.net. Then contact our support team for additional help.