Install the Mac Adapter
The Mac adapter can be distributed to the computers using the method of your choice, including Mobile Device Management (MDM), such as Jamf or AirWatch.
You can also use the Privilege Management for Mac Rapid Deployment Tool to install the adapter. You can download the Rapid Deployment Tool from the Configuration page.
For more information, please see the Rapid Deployment Tool Guide.
Setup Information is available for the Mac adapter on the Configuration page. From the sidebar menu, click the Configuration to view the details.
The PMC client adapter installers can be found in the AdapterInstallers folder of the PMC deployment. Use the Terminal to install the Mac PMC Adapter.
The adapters poll every 60 minutes.
You must install the PMC adapters using this process. You can optionally choose to automatically assign computers to groups and authorize them in one step, using the GroupID parameter for the adapters. This is detailed in the following sections.
When PMC clients are managed by the operating system, the PMC adapter is responsible for delivering policies and events between the computer and PMC servers.
If you are not using the GroupID to automatically assign and authorize computer groups, you can assign and authorize computers in PMC.
You can install and automatically authorize Mac machines to connect to PMC using the command line.
There are six parameters for the PMC Adapter:
- TenantID for your chosen method of authentication. This was recorded when PMC was installed.
- InstallationID: You get this from PMC.
Click Configuration > Adapter Installation. Copy the Installation IDfor this script.
- InstallationKey: You get this from PMC.
Click Configuration > Adapter Installation. Copy the Installation Key for this script.
- ServiceURI: The URL for your PMC portal.
Do not include a port number or slash character on the end of the ServerURI.
For example, neither https://test.pm.beyondtrustcloud.com/ nor https://test.pm.beyondtrustcloud.com:8080/ will work.
- GroupID: (Optional). If supplied, this will auto authorize the computer and assign it to the specified group. If that group does not exist, the computer will remain in the pending state. You obtain this from PMC.
- Cacertificateid: (Optional). The thumbprint of your SSL certificate. If you are using an SSL certificate that is trusted by a global provider, you do not need to add this parameter. If it is not, the SSL certificate must be added to the System keychain (not Login). The SSL certificate must also be set to Trusted in the System keychain.
To install the private key of the SSL Certificate:
You only need to do these steps if your SSL certificate is not issued by a trusted global provider that is preinstalled on the Mac.
- Obtain the .pfx portion of your SSL certificate.
- Double-click the .pfx file to install it into the Keychain application on the Mac. You need to enter the password for the SSL certificate. By default the certificate will be placed in the login keychain folder.
- Move the root certificate from the login keychain folder to the System folder keychain.
- Set the root certificate to Always Trust.
- Extract the thumbprint of your SSL certificate from the certificate. You need the thumbprint to install the Mac Adapter.
To install adapters:
Include the GroupID to automatically group and authorize the computer.
Include the Cacertificateid if your SSL certificate is not issued by a trusted global provider.
- Navigate to the location of the adapter installer. By default this is the AdapterInstallers folder.
- Mount the DMG.
- Run the command line as in the example shown below from the Terminal with your substituted values.
- Once the adapter installer launches, proceed through the installation wizard as required.
sudo /Volumes/PrivilegeManagementConsoleAdapter/install.sh \ tenantid="750e85d1-c851-4d56-8c76-b9566250cf1d" \ installationid="95a10760-2b96-4a0e-ab65-ed7a5e8f1649" \ installationkey="VGhpcyBzZWNyZXQgaTYzIGJlZW4gQmFzZTY0IGVuY29kZWQ=" \ serviceuri="https://test.ic3.beyondtrust.com" groupid="fcc4022e-12fa-4246-87w8-0de9a1483a68" \ cacertificateid="b36b7345ff30aa7fb15fcd985fe2989c3e11aba7"
For more information, please see Authorize and Assign Computers to a Group in Privilege Management Console.
Uninstall Privilege Management for Mac
The uninstall scripts must be run from their default locations.
Uninstall Privilege Management
To uninstall Privilege Management locally on a Mac, run the following command:
Uninstall the Mac Adapter
To uninstall the Mac adapter, run the following command. After running the uninstall script some related directories remain if they are not empty, such as /Library/Application Support/Avecto/iC3Adapter.
Remove the Privilege Management Policy
To remove the policy once you have uninstalled Privilege Management, run the following command:
sudo rm -rf /etc/defendpoint
Do not remove the Privilege Management policy unless you have already uninstalled Privilege Management.