Introduction
You can use Jamf Pro to install the Teramind Agent remotely. The process involves creating a package and then deploying it with a Jamf policy. You can also specify macOS permissions needed for the Agent with Jamf.
Notes About Screen Recording Permission:
Screen Recording permissions still cannot be granted via MDM/Jamf and must be approved locally on the Mac. For more information, see the How to configure macOS permission settings article.
Notes About macOS 15 (Sequoia) and Later
Starting with macOS 15 (Sequoia), Apple introduced a new category of "Non-removable system extensions." Unlike "Allowed System Extensions," which a monitored user may still be able to disable or remove through System Settings, "Non-Removable" extensions are locked by the MDM profile.
For maximum security and to prevent users from tampering with the Teramind Agent, we strongly recommend that you configure the System Extension payload using the Non-removable system extensions instead of Allowed System Extensions.
1. Download and Prepare the Installation File
You will need to download the Teramind Agent installation file and optionally configure any installation parameter. To download and prepare the installation file, follow these steps:
1. Click the User Menu (the username at the top-right corner) on the Teramind Dashboard.
2. Select Download Teramind Agent from the menu and follow the instructions on screen to download the Agent.
For more information on how to download the Agent, please see the How to download and install the Teramind Agent article.
3. Rename the downloaded .pkg file to include any necessary installation parameter(s). For example:
teramind-agent-stealth-20230412-1.237.4666-i(onsite)-r(10.55.55.58:235)-do(acme.com).pkg
For more information about the installation parameters, please see the Agent Installation/Configuration Parameters (Mac) section on the How to download and install the Teramind Agent article.
2. Create the Configuration Profiles
Jamf configuration profiles provide an easy way to remotely configure settings and OS permissions for devices, computers, and users.
There are two ways to set most of the required permissions:
Configure them in the Jamf UI, or
Apply downloadable mobileconfig profiles.
For a given permission (e.g., Accessibility for com.teramind.tmagent), use only one method: either a Jamf UI profile or a mobileconfig profile - not both. Applying two different code requirements for the same bundle ID can cause conflicts.
2.1 Grant Accessibility Access (choose ONE method)
You must grant Accessibility permission so the Mac Agent can capture keystrokes and parse UI elements.
You can do this:
A. Via Jamf UI (PPPC profile), or
B. Via Accessibility mobileconfig file.
2.1.A Create the Accessibility Profile in Jamf UI
1. In your Jamf Pro dashboard, click Computers at the top of the sidebar.
2. Click Configuration Profiles in the left sidebar.
3. Click the + New button. You will be taken to the New Profile screen:
4. From the top, select Options. You will see a list of payloads on the left.
5. Select the Privacy Preferences Policy Control payload to configure the accessibility settings.
6. Under App Access, use the following settings for the Stealth Agent:
Identifier = com.teramind.tmagent
Identifier Type = Bundled ID
Code Requirement:
identifier "com.teramind.tmagent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BMTZWHQN7F
Use the following settings for the Revealed Agent:
Identifier = teramind.tmui
Identifier Type = Bundled ID
Code Requirement:
identifier "teramind.tmui" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = BMTZWHQN7F
7. Make sure the Accessibility option under the APP OR SERVICE is allowed access. If not, use the Edit button to change it.
8. Click the Save button to save the profile.
2.1.B Apply the Accessibility mobileconfig Profile
(You do not need to create the profile from 2.1.A if you use this file.)
Instead of creating the Privacy Preferences Policy Control (PPPC) profile in Jamf manually, you can apply the pre-built Accessibility mobileconfig profile. To grant the Accessibility permission that allows the Mac Agent to capture keystrokes and parse UI elements, download the following mobileconfig file and apply it in Jamf:
Check out the How to Add a Mobile Config File to Jamf section below to learn more.
How to Add a Mobile Config File to Jamf
Download the mobileconfig file (for example, “accessibility.mobileconfig”).
Go to Computers > Configuration Profiles.
Click New (or Upload, depending on your Jamf version) and choose to upload a configuration profile.
Select the downloaded file.
Give the profile a clear Name (for example, “Teramind – Accessibility”), then click Scope.
Under Targets, add the computers or smart groups where you want the Agent installed.
Click Save.
2.2 Allow System Extensions for Network and File Monitoring (choose ONE method)
Teramind uses two system extensions:
com.teramind.networkextension – for Network Monitoring
com.teramind.systemextension.endpointsecurity – for File Monitoring
There are two ways to allow these extensions:
A. Via Jamf UI:
Create a Network Monitoring profile.
Create a File Monitoring profile.
B. Via the System Extensions mobileconfig file - for both extensions.
2.2.A Create Network and File Monitoring Profiles in Jamf UI
2.2.A.1 Create the Network Monitoring Profile
1. Create another profile (follow Steps 1-4 under the 2.1.A Create the Accessibility Profile in Jamf UI section).
2. Select the System Extensions payload to configure the network settings.
3. Under the Allowed Team IDs and System Extensions, use the following settings:
Display Name = Provide any name, for example: tera
System Extension Types = Allowed System Extensions (or Non-removable system extensions for macOS Sequoia or later)
Team Identifier = BMTZWHQN7F
4. In the ALLOWED SYSTEM EXTENSIONS field, enter com.teramind.networkextension. If needed, use the Edit button to add the extension.
5. Click the Save button to save the profile.
2.2.A.2 Create the File Monitoring Profile
1. Create another profile (follow Steps 1-4 under the 2.1.A Create the Accessibility Profile in Jamf UI section).
2. Select the System Extensions payload to configure the network settings.
3. Under the Allowed Team IDs and System Extensions, use the following settings:
Display Name = Provide any name, for example: tera
System Extension Types = Allowed System Extensions (or Non-removable system extensions for macOS Sequoia or later)
Team Identifier = BMTZWHQN7F
4. In the ALLOWED SYSTEM EXTENSIONS field, enter com.teramind.systemextension.endpointsecurity. If needed, use the Edit button to add the extension.
5. Click the Save button to save the profile.
2.2.B Apply the System Extensions mobileconfig Profile
(You do not need to create the profiles from 2.2.A if you use this file.)
Instead of creating two Jamf profiles, you can use a single mobileconfig that authorizes both. In order to avoid popup messages asking the user to allow the network and endpoint security extensions, apply the System Extensions mobileconfig file in Jamf:
Check out the How to Add a Mobile Config File to Jamf section to learn more.
2.3 Apply the Mobile Config File to Grant Full Disk Access
To allow the Mac Agent to capture file events, full disk access must be granted to the system extension. You can download the attached mobileconfig file and apply it in Jamf:
Check out the How to Add a Mobile Config File to Jamf section to learn more.
2.4 Apply the Certificate via Mobile Config
To handle HTTPS traffic, the SSL certificate should be included in the Mac keychain. If you distribute the Mac Agent via Jamf, the best way to include the certificate is to use the mobileconfig file:
Check out the How to Add a Mobile Config File to Jamf section to learn more.
2.5 Apply the Mobile Config File to Allow VPN Configuration
In order to allow VPN configuration, use the following mobileconfig file:
Check out the How to Add a Mobile Config File to Jamf section to learn more.
2.6 Apply the Mobile Config to Suppress Background Process Notifications
Sometimes macOS might show a "Background Items Added" notification to the user:
To suppress the notification, you can add the following mobileconfig file:
Check out the How to Add a Mobile Config File to Jamf section to learn more.
3. Create the Package
As the next step, you will need to create a package. Creating the package involves uploading the Teramind Agent installer file (.pkg) to Jamf, and configuring settings for the package. Follow the steps below to create the package:
1. In your Jamf Pro dashboard, click the Settings icon located at the top-right corner.
2. Click the Computer Management tab.
3. Select Packages from the list of items (you can search for it using the Search field above the tabs). This will show you a list of available packages. If no package is available, an empty list will be displayed:
4. Click the + New button. You will be taken to the New Package screen:
5. Click the Choose File button and upload the installation file you previously prepared in the Download and Prepare the Installation File section. Once the file is uploaded, it will show up next to the Choose File button and the Display Name field will be populated with the filename.
6. Optionally, you can use the Options tab to configure additional settings for the package, including deployment priority.
7. Optionally, you can use the Limitations tab and configure limitations for the package, including the operating system.
8. Click the Save button to save the package. You will see an Availability Pending message while the package is being prepared. It might take a moment for the package to become available.
4. Create a Policy and Add the Package
Jamf policies allow you to remotely perform common administrative tasks on the managed computers. For example, using a policy you can run scripts, manage accounts, and install software.
We will use a policy to install the package you created previously in the Create the Package section.
Follow the steps below to create a policy and add a package to it:
1. In your Jamf Pro dashboard, click Computers at the top of the left sidebar.
2. Click Policies in the left sidebar.
3. Click the + New button. You will be taken to the New Policy screen:
4. From the top, select Options. You will see a list of payloads on the left.
5. Select the General payload. This will allow you to configure basic settings for the policy.
6. Enter a Display Name for the policy. For example, teramind_stealth_install. Make sure the Enabled option is checked.
7. Under Trigger, enable the events that will trigger the activation of the policy. For this tutorial, we will enable the following events: Startup, Login, Network State Change, Enrollment Complete, and Recurring Check-in.
8. Select how often the policy will run from the Execution Frequency dropdown list. For our purpose, Once per computer is fine.
9. Enter the Target Drive on which the policy will run. The default / value means the boot drive, which should be fine for most cases.
10. Optionally, you can configure other settings like the server-side/client-side limitations if needed.
11. Once you are done configuring the General payload, click the Packages payload. You will be taken to the Configure Packages screen:
12. Click the Configure button. A list of available packages will be displayed:
13. From the list of packages, click the Add button next to the package you previously created in the Create the Package section. The package will be added to the policy and you will be taken to the package’s deployment settings:
14. Optionally, change the package’s Distribution Point. For this tutorial, we will use the default, Each computer’s default distribution point option.
15. Optionally, change the Action if needed. For this tutorial, we will use the default, Install action.
16. Click General from the list of payloads on the left. This will take you back to the General payload screen:
17. Change the Category to Installer.
18. Click the Scope tab on top. This will allow you to change the targets, limitations, and other settings for the deployment:
19. Click the Targets tab on top.
20. Select a suitable option for the Target Computers and Target Users as needed. You can deploy the policy to all computers/users or specific computers/users.
21. Click the + Add button. A list of users/computers will be displayed as per the targets:
22. Click the Add button next to a target computer/user to add it to the deployment list.
23. Click the Save button to save the policy. The Agent will be installed when the policy is triggered.
5. Post‑Install Script
Notes:
NetApp Extension: It is needed for Network and File monitoring and is only supported on macOS 11 (Big Sur) and higher.
Geolocation: Geolocation monitoring is requested by the Agent when you run its geolocation_permissions helper (see scripts below); users must approve the location prompt.
Add a script (either in the same policy you created in Step 4, or a separate policy that runs after installation) to activate network and file monitoring.
Revealed Agent:
sudo "/usr/local/teramind/agent/bin/Teramind Agent.app/Contents/MacOS/Teramind Agent" network_permissions;sleep 1;sudo killall "Teramind Agent"
sudo "/usr/local/teramind/agent/bin/Teramind Agent.app/Contents/MacOS/Teramind Agent" filemonitor_permissions;sleep 1;sudo killall "Teramind Agent"
Optional (for Geolocation Monitoring):
sudo "/usr/local/teramind/agent/bin/Teramind Agent.app/Contents/MacOS/Teramind Agent" geolocation_permissions;sleep 1;sudo killall "Teramind Agent"
Hidden Agent:
sudo "/usr/local/teramind/agent/bin/System Monitoring.app/Contents/MacOS/System Monitoring" network_permissions;sleep 1;sudo killall "System Monitoring"
sudo "/usr/local/teramind/agent/bin/System Monitoring.app/Contents/MacOS/System Monitoring" filemonitor_permissions;sleep 1;sudo killall "System Monitoring"
Optional (for Geolocation Monitoring):
sudo "/usr/local/teramind/agent/bin/System Monitoring.app/Contents/MacOS/System Monitoring" geolocation_permissions;sleep 1;sudo killall "System Monitoring"
Distribute the above commands to the Mac devices as a script that runs after the Agent installation step in order to activate network and filesystem monitoring.
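One way to confirm on a managed Mac that the two extensions from section 2.2 are activated under the expected Team ID once the post-install script has run. This is an added example, not Teramind's or Jamf's own code. The function names are hypothetical and the embedded sample listing is constructed, with its column layout assumed to follow what systemextensionsctl list prints.

```shell
#!/bin/bash
# Added example: checks `systemextensionsctl list` output for the two
# Teramind system extensions and the Team ID named on this page.
TEAM_ID="BMTZWHQN7F"
EXTENSIONS="com.teramind.networkextension com.teramind.systemextension.endpointsecurity"

# Constructed sample listing (not captured from a real device); the second
# extension is shown still waiting for approval.
SAMPLE_LISTING='2 extension(s)
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
* * BMTZWHQN7F com.teramind.networkextension (1.0/1) Network Extension [activated enabled]
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
  * BMTZWHQN7F com.teramind.systemextension.endpointsecurity (1.0/1) Endpoint Security [activated waiting for user]'

# extension_state LISTING BUNDLE_ID
# Prints the bracketed state of the row where the Team ID is immediately
# followed by exactly BUNDLE_ID; returns 1 if no such row exists.
extension_state() {
  printf '%s\n' "$1" | awk -v team="$TEAM_ID" -v id="$2" '
    { for (i = 1; i < NF; i++) if ($i == team && $(i + 1) == id) {
        a = index($0, "["); b = index($0, "]")
        if (a && b > a) { print substr($0, a + 1, b - a - 1); found = 1 }
    } }
    END { exit !found }'
}

# check_extensions LISTING
# Prints one "bundle-id: state" line per extension and returns non-zero
# unless every extension is "activated enabled".
check_extensions() {
  local rc=0 id state
  for id in $EXTENSIONS; do
    state="$(extension_state "$1" "$id")" || state="not installed"
    printf '%s: %s\n' "$id" "$state"
    [ "$state" = "activated enabled" ] || rc=1
  done
  return $rc
}

# On a Mac, check the live state; on other systems nothing runs.
if command -v systemextensionsctl >/dev/null 2>&1; then
  check_extensions "$(systemextensionsctl list)" || exit 1
fi
```

Run as a follow-up Jamf policy script, a non-zero exit marks the computers where an extension is missing or still awaiting approval.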


