Set up Scan Permissions for macOS with N-able and iMazing

This article was written with the help of Christian Voorhies from Simple Tech Innovations, Inc.

To deploy Actifile on MacOS devices via N-able, you should first configure the necessary permissions using iMazing Profile Editor. 

Step 1. Create a new Configuration Profile and select Privacy Preferences Policy Configuration.

Step 2. Grant Accessibility permissions to UserAgent.

Code Requirement Data

UserAgent:

anchor apple generic and identifier "com.actifile.UserAgent" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "5GK5TL7Z8W")

Step 3. Grant full disk access to afmond and updaterd.

Code Requirement Data

afmond:

anchor apple generic and identifier "com.actifile.afmond" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "5GK5TL7Z8W")

updaterd:

anchor apple generic and identifier updaterd and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "5GK5TL7Z8W")

Step 3. Select Login Window – Scripts.

Setup the script below.

Script:

#===================================================================#
#                                                                   #                                                                                                                                                                                                                                                                                
#        Actifile Login Script - Workaround                         #                                                                               
#        Created by Christian Voorhies on 11/7/2024                 #                                                          
#                                                License: MIT       #                                                                        
#===================================================================#

# Script Goals: Launch Actifile for the Login User.

# Steps: Check for running Actifile Agents. (afmond / updaterd)
#        Restart afmond and updaterd even if the application is running. 
#        The afmond application seems to be sleeping on startup.
#
#        Determined that the Daemons will relaunch automatically if the application is killed using pkill.

# Kill afmond and updaterd.
pkill -f "/Library/Application Support/Actifile/afmond.app/Contents/MacOS/afmond" # Killing Afmond Daemon.
pkill -f "/Library/Application Support/Actifile/updaterd" # Killing Updater Daemon.

# Exiting the script.
exit 0

Step 4. Export your profile.

Step 5. Open the N-able MDM platform, navigate to the profile tab, and select Upload Profile.

Fill out the profile details and upload your .mobileconfig profile.

Step 7. To install the profile on a device, navigate to the Devices tab and select your device. Click the triple dot menu at the end of the line and select the Install Profile option.

This will redirect you to a new page. Select the profiles you wish to add to the device. Then, select Install.