Install the Mac Adapter

Setup Information is available for the Mac adapter on the Access Settings page. On the dashboard page, click the Access Settings tile to view the details.

The PMC client adapter installers can be found in the AdapterInstallers folder of the PMC deployment. Use the Terminal to install the Mac PMC Adapter.

The adapters poll every 60 minutes by default. An additional delay is applied based on the CPU load of the node that the adapter is connected to. The minimum supported value for the adapter poll time is 5 minutes.

You must install the PMC adapters using this process. You can optionally choose to automatically assign endpoints to groups and authorize them in one step, using the GroupID parameter for the adapters. This is detailed in the following sections.

When PMC agents are managed by the operating system, the PMC adapter is responsible for delivering policies and events between the endpoint and PMC servers.

If you are not using the GroupID to automatically assign and authorize computer groups, you can assign and authorize endpoints in PMC.

You can install and automatically authorize Mac machines to connect to PMC using the command line.

There are six parameters for the PMC Adapter:

  • TenantID for your chosen method of authentication. This was recorded when PMC was installed.
  • InstallationID: You get this from PMC. Click Administration > . Copy the Installation ID for this script.
  • InstallationKey: You get this from PMC. Click Administration > . Copy the Installation Key for this script.
  • ServiceURI: The URL for your PMC portal.

Do not include a port number or slash character on the end of the ServerURI.

For example, neither https://test.pm.beyondtrustcloud.com/ nor https://test.pm.beyondtrustcloud.com:8080/ will work.

  • GroupID: (Optional). If supplied, this will auto authorize the endpoint and assign it to the specified group. If that group does not exist, the computer will remain in the pending state. You obtain this from PMC.
  • Cacertificateid: (Optional). The thumbprint of your SSL certificate. If you are using an SSL certificate that is trusted by a global provider, you do not need to add this parameter. If it is not, the SSL certificate must be added to the System keychain (not Login). The SSL certificate must also be set to Trusted in the System keychain.

To install the private key of the SSL Certificate:

You only need to do these steps if your SSL certificate is not issued by a trusted global provider that is preinstalled on the Mac.

  1. Obtain the .pfx portion of your SSL certificate.
  2. Double-click the .pfx file to install it into the Keychain application on the Mac. You need to enter the password for the SSL certificate. By default the certificate will be placed in the login keychain folder.
  3. Move the root certificate from the login keychain folder to the System folder keychain.
  4. Set the root certificate to Always Trust.
  5. Extract the thumbprint of your SSL certificate from the certificate. You need the thumbprint to install the Mac Adapter.
  1. Obtain the .pfx portion of your SSL certificate.
  2. Double-click the .pfx file to install it into the Keychain application on the Mac. You need to enter the password for the SSL certificate. By default the certificate will be placed in the login keychain folder.
  3. Move the root certificate from the login keychain folder to the System folder keychain.
  4. Set the root certificate to Always Trust.
  5. Extract the thumbprint of your SSL certificate from the certificate. You need the thumbprint to install the Mac Adapter.

To install adapters:

Include the GroupID to automatically group and authorize the endpoint.

Include the Cacertificateid if your SSL certificate is not issued by a trusted global provider.

  1. Navigate to the location of the adapter installer. By default this is the AdapterInstallers folder.
  2. Mount the DMG and place the PMC Adapter onto the desktop.
  3. Run the command line shown as in the example below from the Terminal.
  4. Once the adapter installer launches, proceed through the installation wizard as required.
The line breaks must be removed before you run the script.
sudo /Avecto_ic3_Adapter_x_x_x/install.sh tenantid="750e85d1-c851-4d56-8c76-b9566250cf1d" installationid="95a10760-2b96-4a0e-ab65-ed7a5e8f1649" installationkey="VGhpcyBzZWNyZXQgaTYzIGJlZW4gQmFzZTY0IGVuY29kZWQ=" serviceuri="https://test.ic3.avecto.com" groupid="fcc4022e-12fa-4246-87w8-0de9a1483a68" cacertificateid="b36b7345ff30aa7fb15fcd985fe2989c3e11aba7"

For more information, please see Authorize and Assign Computers to a Group in Privilege Management Console.