Install the Mac Adapter

The adapter is responsible for delivering policies and events between the computer and EPM when computers are managed by Endpoint Privilege Management.

The adapter polls for pending commands every 60 minutes, which can include policy updates.

Setup information is available for the Mac adapter on the Configuration page. On the sidebar menu, click Configuration to view the details.

Distribute the Adapter

The Mac adapter can be distributed to computers using the method of your choice, including Mobile Device Management (MDM) tools, such as Jamf or AirWatch.

We recommend using the Endpoint Privilege Management Rapid Deployment Tool for macOS.

The workflow for using the Rapid Deployment Tool:

  • Download the Rapid Deployment Tool. You can download the tool from the Configuration page in EPM. Go to Configuration > Privilege Management Installation.
  • Create a package that will include the information to facilitate communication between Endpoint Privilege Management and the macOS computers. Copy values from Configuration > Adapter Installation. See Create a Package for Endpoint Privilege Management.
  • Create a package that includes settings specific to the macOS computer, such as anonymous logging, sudo management control, biometric authentication, and policy sources, among others. See Create a Package with Endpoint Privilege Management for Mac Base Settings.
  • Download and install the client package from the Configuration page. Go to Configuration > Privilege Management Installation. Click the macOS download link.
  • Download and install the adapter package. Go to Configuration > Adapter Installation.

For more information, see the Rapid Deployment Tool Guide.

Installer Parameters

The installer parameters include the following:

  • TenantID for your chosen method of authentication. This was recorded when EPM was installed.
  • InstallationID: Click Configuration > Adapter Installation to copy the Installation ID for the installer script.
  • InstallationKey: Click Configuration > Adapter Installation to copy the Installation Key for the installer script.
  • ServiceURI: The URL for your EPM portal.
    Do not include a port number or slash character on the end of the ServiceURI. For example, neither https://test.pm.beyondtrustcloud.com/ nor https://test.pm.beyondtrustcloud.com:8080/ will work.

  • GroupID: A computer must be added to a group as part of the EPM onboard process. The group determines the policy applied to a computer. A groupID is automatically assigned to a computer during the adapter install if one is not provided.

For information on how to automatically assign and authorize computer groups, see Authorize and Assign Computers to a Group.

Run the Installer

You must install the Mac adapter using Terminal.

To install adapters:

  1. Go to Configuration > Adapter Installation to download the Endpoint Privilege Management adapter installer.
  2. Also on the Adapter Installation page, note the Tenant ID, Server URL, Installation Key, and Installation ID. You need these required parameters for the installer script.
  3. Navigate to the location of the adapter installer. By default this is the AdapterInstallers folder.
  4. Mount the DMG.
  5. From Terminal, run the installer command with the parameters, as shown in the example below. The adapter installer launches. Proceed through the installation wizard.

sudo /Volumes/PrivilegeManagementConsoleAdapter/install.sh tenantid="750e85d1-c851-4d56-8c76-b9566250cf1d" installationid="95a10760-2b96-4a0e-ab65-ed7a5e8f1649" installationkey="VGhpcyBzZWNyZXQgaTYzIGJlZW4gQmFzZTY0IGVuY29kZWQ=" serviceuri="https://test.ic3.beyondtrust.com" groupid="fcc4022e-12fa-4246-87w8-0de9a1483a68"

For more information, see Authorize and Assign Computers to a Group.
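
A pre-flight check for the installer arguments, added here as an example and not part of the BeyondTrust installer: it rejects misspelled parameter names, missing required parameters, and a ServiceURI with a port number or trailing slash. The function name check_adapter_args, the sample values, and the https:// requirement are assumptions.

```shell
#!/bin/sh
# Added example: check_adapter_args is a hypothetical helper, not part of install.sh.
# It takes the same key="value" arguments that are passed to the installer.
check_adapter_args() {
    tenantid='' installationid='' installationkey='' serviceuri='' groupid=''
    rc=0
    for arg in "$@"; do
        case $arg in
            *=*) key=${arg%%=*}; val=${arg#*=} ;;
            *)   echo "not in key=value form: $arg" >&2; rc=1; continue ;;
        esac
        case $key in
            tenantid)        tenantid=$val ;;
            installationid)  installationid=$val ;;
            installationkey) installationkey=$val ;;
            serviceuri)      serviceuri=$val ;;
            groupid)         groupid=$val ;;
            *) echo "unknown parameter: $key" >&2; rc=1 ;;
        esac
    done
    # groupid is optional: a group is assigned during install if it is omitted.
    for name in tenantid installationid installationkey serviceuri; do
        eval "val=\$$name"
        [ -n "$val" ] || { echo "missing parameter: $name" >&2; rc=1; }
    done
    case $serviceuri in
        '')          ;;  # already reported as missing
        */)          echo "serviceuri must not end with a slash" >&2; rc=1 ;;
        https://*:*) echo "serviceuri must not include a port" >&2; rc=1 ;;
        https://?*)  ;;  # assumption: the portal URL uses https
        *)           echo "serviceuri must start with https://" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample values, not real tenant data.
if check_adapter_args \
    tenantid="11111111-2222-3333-4444-555555555555" \
    installationid="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" \
    installationkey="Y29uc3RydWN0ZWQta2V5" \
    serviceuri="https://epm.example.com"
then
    echo "parameters look valid; run install.sh with the same arguments"
fi
```

Calling the check from a deployment script before install.sh lets a malformed ServiceURI or a misspelled parameter name fail before the installer runs.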

Uninstall Endpoint Privilege Management for Mac

The uninstall scripts must be run from their default locations.

Uninstall Endpoint Privilege Management

To uninstall Endpoint Privilege Management locally on a Mac, run the following command:

sudo /usr/local/libexec/Avecto/Defendpoint/1.0/uninstall.sh

Uninstall the Mac Adapter

To uninstall the Mac adapter, run the following command. After running the uninstall script, some related directories remain if they are not empty, such as /Library/Application Support/Avecto/iC3Adapter.

sudo /usr/local/libexec/Avecto/iC3Adapter/1.0/uninstall_ic3_adapter.sh

Remove the Endpoint Privilege Management Policy

To remove the policy once you have uninstalled Endpoint Privilege Management, run the following command:

sudo rm -rf /etc/defendpoint

Do not remove the Endpoint Privilege Management policy unless you have already uninstalled Endpoint Privilege Management.