Skip to content

Deployment with Kandji

This guide covers deploying the SenseOn Universal Sensor to macOS devices using Kandji.

Kandji deploys SenseOn in two steps:

  1. Grant the agent Full Disk Access via a configuration profile.
  2. Run the SenseOn install command as a Custom Script library item. The script installs the latest published Universal Sensor version on each in-scope device.

Step 1: Enable Full Disk Access

The SenseOn endpoint agent requires Full Disk Access to operate. Upload the SenseOn Full Disk Access configuration profile to Kandji:

  1. Download the file named SEE-FDA.mobileconfig. Click here to download SEE-FDA.mobileconfig.
  2. Log in to Kandji and navigate to Library > Add New.
  3. Click Custom Profile and click Add & Configure.
  4. Give the profile a name such as SenseOn Full Disk Access.
  5. Select the Blueprint(s) you want to deploy to.
  6. Under Device families, select only Mac.
  7. Upload the SEE-FDA.mobileconfig file.
  8. Click Save.

Kandji Full Disk Access

Step 2: Copy your install command

  1. Log in to SenseOn.
  2. Navigate to Settings > Universal Sensor.
  3. Copy the macOS install command.

Step 3: Create the Kandji Custom Script

  1. Log in to Kandji and navigate to Library > Add New.
  2. Select Custom Script and click Add & Configure.
  3. Name the script SenseOn Install.
  4. Select the Blueprint(s) you want to deploy to.
  5. Under Device families, select only Mac.
  6. Set Execution Frequency to Run once per device.

  7. Paste the following into the Audit Script box, substituting your tenant hostname and installer key from Step 2:

    #!/bin/bash
set -e
curl -fsSL https://<your-tenant>.senseon.io/install.sh -o /tmp/senseon-install.sh
shasum -a 256 /tmp/senseon-install.sh  # compare against the SHA-256 value shown in Settings > Universal Sensor
SENSEON_INSTALLER_KEY="<your-installer-key>" bash /tmp/senseon-install.sh

    If your security policy does not require checksum verification, you can use the single-line form instead:

    #!/bin/bash
set -e
curl -fsSL https://<your-tenant>.senseon.io/install.sh \
  | SENSEON_INSTALLER_KEY="<your-installer-key>" bash

  8. Click Save.

Step 4: Verify

Once a managed Mac checks in and runs the script, it will appear in Digital Estate > Devices within a few minutes. For diagnostics, see Troubleshooting.

Ongoing Health Monitoring

You can put alerting in place to check that the agent is healthy on devices it has been deployed to.

  1. Log in to Kandji and navigate to Library > Add New.
  2. Select Custom Script and click Add & Configure.
  3. Give the script a name such as Check SEE status.
  4. Select the Blueprint(s) you want to monitor.
  5. Set Execution Frequency to match your needs (for example, Run Daily).

  6. Add the script below to the Audit Script box:

    sudo /usr/local/bin/seectl status

  7. Click Save.