Set up Scan Permissions for macOS with Addigy

This guide shows how to manually configure the permissions the Actifile agent requires when it is deployed through an MDM platform.

This article was written with the help of Hunter from Torchsec Technologies.

If you install Actifile on a Mac using Mobile Device Management (MDM), you will need to grant the Actifile agent the necessary permissions manually. This guide explains the steps required to ensure the agent functions correctly.

Note: The screenshots in this guide display Addigy, but the process is similar across different MDM platforms.

Step 1. The Actifile agent comprises two processes: UserAgent and afmond. Start by manually creating two PPPC (Privacy Preferences Policy Control) profiles, one for each process, in the Edit Smart Software section in Addigy (or in the relevant section of your chosen MDM platform).

Step 2. Configure the PPPC Profile for the afmond process.

  • Profile Name: afmond

This name is customizable and does not impact the profile’s function.

  • Identify By: com.actifile.afmond

This is the bundle identifier for the application.

  • Signature:

anchor apple generic and identifier "com.actifile.afmond" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "5GK5TL7Z8W")

This signature verifies the app’s certificates and developer information. You can reuse this signature as long as the app and developer remain the same.

  • Permissions: all

Step 3. Configure the PPPC Profile for the UserAgent process.

  • Profile Name: UserAgent

This name is customizable and does not impact the profile’s function.

  • Identify By:

Select the directory option with the following folder:

/Library/Application Support/Actifile/UserAgent

The directory option is used because UserAgent.sh is a script, not an application, so it has no bundle identifier.

  • Signature:

anchor apple generic and identifier "com.actifile.UserAgent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "5GK5TL7Z8W")

This signature verifies the app’s certificates and developer information. You can reuse this signature as long as the app and developer remain the same.

  • Permissions: all

Step 4. Click Save and Confirm, then deploy the software.
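
For MDM platforms without a PPPC editor, the two profiles from Steps 2 and 3 can be expressed as a raw com.apple.TCC.configuration-profile-policy payload. The script below is an added example, not code from Actifile or Addigy. It assumes that "Permissions: all" includes Full Disk Access (SystemPolicyAllFiles), and the com.example.pppc identifier prefix and the display name are placeholders.

```python
import plistlib
import uuid

def code_requirement(signing_id):
    """Code requirement from Steps 2 and 3; only the identifier differs."""
    return (
        f'anchor apple generic and identifier "{signing_id}" and '
        '(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or '
        'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
        'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
        'certificate leaf[subject.OU] = "5GK5TL7Z8W")'
    )

# (Identifier, IdentifierType, signing identifier) as given in this guide.
PROCESSES = [
    ("com.actifile.afmond", "bundleID", "com.actifile.afmond"),
    ("/Library/Application Support/Actifile/UserAgent", "path",
     "com.actifile.UserAgent"),
]
# Assumption: the guide says "all" without naming services; extend as needed.
SERVICES = ["SystemPolicyAllFiles"]

def tcc_entry(identifier, id_type, signing_id):
    """Build one TCC entry, rejecting identifier/type mismatches early."""
    if id_type not in ("bundleID", "path"):
        raise ValueError(f"unknown IdentifierType: {id_type}")
    if (id_type == "path") != identifier.startswith("/"):
        raise ValueError(f"{identifier!r} does not match type {id_type}")
    return {"Identifier": identifier, "IdentifierType": id_type,
            "CodeRequirement": code_requirement(signing_id), "Allowed": True}

def build_profile(org_prefix="com.example.pppc"):
    """Return the .mobileconfig as XML plist bytes."""
    entries = [tcc_entry(*p) for p in PROCESSES]
    def common(suffix):
        return {"PayloadIdentifier": f"{org_prefix}.{suffix}",
                "PayloadUUID": str(uuid.uuid4()).upper(),
                "PayloadVersion": 1}
    tcc = {"PayloadType": "com.apple.TCC.configuration-profile-policy",
           "Services": {svc: entries for svc in SERVICES},
           **common("actifile.tcc")}
    profile = {"PayloadType": "Configuration", "PayloadScope": "System",
               "PayloadDisplayName": "Actifile PPPC (example)",
               "PayloadContent": [tcc], **common("actifile")}
    return plistlib.dumps(profile)

if __name__ == "__main__":
    print(build_profile().decode())
```

The afmond entry is matched by bundle identifier and the UserAgent entry by path, mirroring the Identify By settings in Steps 2 and 3.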