Skip to main content

Netskope Help

Deploy Client on macOS Using VMware Workspace ONE
Deploying Client on macOS Using VMware Workspace ONE (Domain-joined)

Deploying Client on domain-joined macOS devices using VMware Workspace ONE utilizes the logged in user’s UPN and pulling the branding file based on the UPN. 

Perform the following steps to deploy the client:

  1. Login to your Workspace One admin console.

  2. Go to Devices > Provisioning > Components > Files/Actions.

  3. Click Add files/Actions and select macOS.

  4. In the General tab, enter the required information.

  5. In the Files tab, upload the preinstall script, pkg file, and scripts. Also, mention the local path where these files should be downloaded.

  6. In Manifest, under Install Manifest, add the below steps in the same order.

    1. Step 1

      1. Action to perform: Run

      2. Command Line and Arguments to run: chmod +x <Install script local path> (Refer point 4 )

      3. Timeout: As you wish (default 0)

    2. Step 2

      1. Action to perform: Run

      2. Command Line and Arguments to run: sudo <Install script local path> param1 param2 param3 param4

      3. Timeout: As you wish (default 0)

      4. For UPN mode, the params are: <adonman url> <Org Key> upn

      5. For peruserconfig mode, params are: <adonman url> <Org Key> < peruserconfig

      6. For Email based, params are: <tenant url> <AD domain name> <Rest API token>

    3. Step 3

      1. Action to perform: Install

      2. File Path and Name to Install <pkg file local path>

    4. Then go to Devices > Provisioning > Product List View and click Add Product.

    5. Select MacOS as the platform.

    6. In the General tab, enter the required details.

    7. In manifest, under the policy action, specify the following:

      • Action to perform: Install Files/Actions

      • Files/Actions: Select the files/action created above

Deploying Client on macOS Using VMware Workspace ONE (Non-Domain Joined)

Deploying Client on non-domain joined macOS devices using VMware Workspace ONE utilizes a preferences list (plist) file containing the email attribute to enroll the Client.

Prerequisites: Download Netskope Root and Intermediate certificates and convert them to .cer extension. To learn more, see Certificates.

Push email from Workspace ONE user profile to device

Here, you can add the Plist file containing the email variable in Workspace Sensor. Perform the following steps to add the Plist file:

  1. Log into your Workspace One admin console.

  2. Go to Resources > Sensors.

  3. Click Add > macOS.

  4. On the New Sensor window, provide Name and Description in the General section.

  5. Click Next.

  6. In the Details section, select the following:

    • Language: Bash

    • Execution Context: System

    • Response Data Type: String

    • Code:

      #!/bin/bash
      emailPrefFile=”/Library/Managed\ Preferences/com.netskope.plist”
      if [ -f “$emailPrefFile” ];
      then	
          echo “exists”	
          echo “plist exists” > /tmp/plist.txt
      else	
          /usr/libexec/PlistBuddy -c "add email string $userMail" com.netskope.plist	
          cp com.netskope.plist /Library/Managed\ Preferences/
      echo “added”
      if
      Non-domain-PushEmail-plistfile-101.png
  7. In the Variables section, create a variable to be used in the script during execution. Add userMail and select {EmailAddress} in the Key and Value fields respectively. You can add other variable names. However, ensure to add the same variable name as provided in the ‘bash’ script.

    Non-domain-PushEmail-Variables-101.png
  8. Click Save.

    Important

    You can see the file: com.netskope.plist under the directory: /Library/Managed\Preferences/ in your macOS device. This file contains the user email address. Ensure to check if an email address is assigned to the user, if you cannot find the email address in the plist file. To learn more, view Collect Data with Sensors in macOS.

Pre-install script and package

Here, we are adding Netskope Client script and packages along with the instructions to run the script on the device.

  1. Go to Devices > Provisioning > Components > Files/Actions.

  2. Click Add Files/Actions and select macOS.

  3. In the General tab, enter the required information.

  4. In the Files tab, upload the preinstall script, pkg file, and scripts. Also, mention the local path to download these files. For example, /tmp/JamfLatest.sh. Download the latest scripts and Netskope package from Netskope Support.

  5. In Manifest, under Install Manifest, add the following steps in the same order.

    1. Step 1

      • Action to perform: Run

      • Command Line and Arguments to run: chmod +x <Install script local path> (Refer point 4 )

      • Timeout: Desired value (default 0)

    2. Step 2

      • Action to perform: Run

      • Command Line and Arguments to run: sudo <Install script local path> param1 param2 param3 param4. For example, run: sudo /tmp/<Your JAMFScript>.sh d1 d2 d3 addon-<TENANTNAME>.goskope.com ORGANISATION-ID com.netskope.plist preference_email silent_mode

      • Timeout: Desired value (default 0)

    3. Step 3

      • Action to perform: Install

      • File Path and Name to Install <pkg file local path>

  6. Go to Devices > Provisioning > Product List View.

  7. Click Add Product.

  8. Select MacOS as the platform.

  9. In the General tab, enter the required details.

  10. In Manifest, under the policy action, specify the following:

    1. Action to perform: Install Files/Action.

    2. Files/Actions: Select the files/action created above.

  11. Click Save.

Add VPN and System extensions

Customize and extend the core networking features of macOS to enable content filtering, VPN, and other functionality.

  1. Go to Resources > Profiles & Baselines > Profiles.

  2. Click Add Profile from the Add dropdown options.

  3. Select Apple macOS from the platform list.

  4. Select Device Profile in Select Context.

  5. Start typing 'System' in the search text box of the configuration profile.

  6. Expand System Extensions option and click Add.

  7. Configure Allow Systems Extensions as follows:

    • Bundle Identifier: com.netskope.client.Netskope-Client.NetskopeClientMacAppProxy

    • Team Identifier: 24W52P9M7W

    VMwareWorkspace_SystemExtensions_2_102.png
  8. Expand VPN and click Add to enter the following details

    • Connection Name: Enter a descriptive name for the Connection Name.

    • Connection Type: Select Custom SSL.

    • Identifier: com.netskope.client.Netskope-Client.

    • Server: gateway-<tenant-name>.goskope.com

    VMwareWorkspace_VPN_102.png
Enrollment Workflow

The user is enrolled using the email address from the Plist file configured in VMware Workspace ONE while running the script. The user need not perform any steps during the enrollment process.

The following steps illustrate the client enrollment workflow in VMware Workspace ONE:

  1. After you complete the steps to deploy Netskope Client in VMware Workspace ONE, log into the Workspace ONE server.

  2. Click Install on the Profile in System Preferences and follow the system prompts.

  3. Once the installation is complete, Netskope Client Configuration is displayed on screen.

    vmware_nondomain_enrollmentprocess_101.png