Using an Unattended Install Method
After downloading the latest bundled macOS Agent package onto one of your macOS endpoints, extract the
Create a policy to include the newly uploaded installer package, and include the script below to run before the package installation. Replace the values for tmsBaseUrl and installCode as required. loginProcessingDelayS has a default value of 30 (seconds). The validateServerCertificate setting controls whether the endpoint agent validates the Verify Privilege Manager server's certificate when communicating with the server; set the value to 1 to enable validation. The default value is 0 for backward compatibility.
Refer to this video demonstration.
Replace the version placeholders with the real package file version numbers.
#!/bin/zsh
# Verify Privilege Manager macOS configuration script to be used with a "vanilla" download of the agent.
# This script should be used as a pre-install payload to run prior to the installation of the PKG.
# Replace the tmsBaseUrl with your own server URL, e.g. "https://your.privman.com/TMS"
# Replace installCode with your own details.
/bin/mkdir -p /Library/Application\ Support/Delinea/Agent/
/bin/cat << EOF > /Library/Application\ Support/Delinea/Agent/agentconfig.json
{
"tmsBaseUrl": "",
"installCode": "",
"loginProcessingDelayS": 30,
"validateServerCertificate": 0
}
EOF
sleep 5
It will take 15-30 minutes for newly installed agents to register in Verify Privilege Manager. See the agent registration information in the Terminal Commands topic to speed the process up.
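The following is an added example, not part of Delinea's script: a check that can run after the pre-install script above has written agentconfig.json, so the policy stops if the template was left unedited or certificate validation is still off. The function names json_value and check_agent_config are hypothetical, and requiring an https:// URL and validateServerCertificate set to 1 is this example's policy assumption; the parser assumes the flat, one-key-per-line layout shown above.

```shell
#!/bin/sh
# Added example: lint agentconfig.json before the PKG install runs.
# Assumes the flat, one-key-per-line layout the pre-install script writes.

# json_value FILE KEY: print the value of a top-level key, quotes stripped.
json_value() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",]*\)"\{0,1\}[[:space:]]*,\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_agent_config FILE: return 0 only if the file is ready to deploy.
check_agent_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg" >&2; return 2; }

    url=$(json_value "$cfg" tmsBaseUrl)
    code=$(json_value "$cfg" installCode)
    validate=$(json_value "$cfg" validateServerCertificate)

    case $url in
        https://?*) ;;
        "") echo "FAIL: tmsBaseUrl is empty (template not edited)" >&2; rc=1 ;;
        *)  echo "FAIL: tmsBaseUrl is not an https:// URL: $url" >&2; rc=1 ;;
    esac
    [ -n "$code" ] || { echo "FAIL: installCode is empty" >&2; rc=1; }
    # The documented default of 0 leaves the server certificate unchecked.
    # Requiring 1 here is this example's policy, not a product requirement.
    [ "$validate" = "1" ] || { echo "FAIL: validateServerCertificate is '$validate', expected 1" >&2; rc=1; }
    return "$rc"
}

# Constructed sample: the template exactly as shipped, with nothing filled in.
sample=$(mktemp)
cat > "$sample" << 'EOF'
{
"tmsBaseUrl": "",
"installCode": "",
"loginProcessingDelayS": 30,
"validateServerCertificate": 0
}
EOF
if check_agent_config "$sample"; then
    echo "config OK"
else
    echo "config rejected; a pre-install script would 'exit 1' here"
fi
rm -f "$sample"
```

In a real policy, the two functions would be appended to the pre-install script and called on the agentconfig.json path it writes, exiting non-zero on failure so the package is not installed with an unusable or unvalidated configuration.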
Uninstalling an Agent
In the 11.4.3 agent, instead of using a shell script to uninstall the agent, there is now an uninstaller .pkg file. When you need to uninstall the macOS agent, mount the .dmg file and use the Uninstaller.pkg package.
There will be prompts for admin credentials throughout the process. Once the uninstaller has finished, this screen is displayed.
Uninstall.sh
If the Uninstall.sh script is still needed to add to an existing script-based workflow, it can be run as follows:
sudo <pathToDownloadedUninstallScript>/Uninstall.sh
Verification
Running pkgutil --files com.delinea.agent should report the following:
No receipt for 'com.delinea.agent' found at '/'.
Deploying Uninstaller.pkg with an MDM
Removing a system extension requires that the end user supply admin credentials, unless the system extension was installed silently using an MDM Configuration Profile with a System Extension whitelist payload. See Using MDM Profiles for your Agent.
If this is the case in your environment, it is possible to uninstall Verify Privilege Manager without end user interaction via Jamf or MDM using these steps.
- Remove the deployed system extension whitelist profile from the endpoint. This will terminate the system extension.
  Unloading the system extension WILL DISABLE THE AGENT.
- Push out the Uninstaller.pkg via policy to uninstall Verify Privilege Manager.
- An endpoint reboot is not required, but the terminated system extension will remain installed and inactive until reboot.