Enroll your Mac device

This topic describes how to enroll a Mac device using the Mac Cloud Agent.

The Mac Cloud Agent is available for download on CyberArk Identity User Portal. After you enroll the Mac, CyberArk Identity installs shortcuts to the User Portal and the Managed Software Center in your Applications folder. In addition, you can access the User Portal and Managed Software Center without entering sign-in credentials, provided you enroll as the same AD user currently logged into the Mac device.

In addition, CyberArk Identity installs a set of policy profiles on the device. The profiles set system preferences that configure communications with your company network and may impose some restrictions on the use of some computer features. You can view the installed profiles from the Systems Preferences page.

The MDM profile is not installed automatically on Big Sur. You have to install it manually to complete enrollment.

Administrator credentials are required to enroll a Mac device through the Mac Cloud Agent.

To enroll a Mac device

  1. Open a browser and log in to CyberArk Identity user portal.

    A prompt appears asking if you want to enroll your device.

    If you are not prompted to enroll and Mac device enrollment is permitted by your admin, Click the Devices tab, then click Add Devices.

  2. Click Enroll My Mac in the Enroll your Mac with CyberArk prompt or Add Devices pop up window.

    The Mac Cloud Agent download begins (CIS-Mac-Agent.dmg).

  3. Open the CIS-Mac-Agent.dmg file, then double-click the CIS-Mac-Agent.pkg file.

    The installer for Mac Cloud Agent opens.

  4. Click through the on-screen instructions, agreeing to the software license agreement and entering administrator credentials when necessary.

    After the installation completes, you can choose to launch the agent.

  5. Select Launch Idaptive Agent, then click Continue.

    The Sign In window appears.

  6. Enter the credentials for the user you want to enroll as, then click Next.

    The welcome screen appears.

    Enter credentials for the same user currently logged in to the Mac for that user to benefit from single sign-on to the Managed Software Center and the Identity User Portal.

  7. Click Enroll to enroll the device for the user that is signed in to the Mac Cloud Agent.

    The Mac Cloud Agent begins the enrollment process. Because the Mac Cloud Agent needs to authenticate as an admin and the profiles make changes to System Preferences, you will be prompted to enter your computer admin credentials to proceed. Enter your admin credentials when required and click OK to continue the enrollment process.

  8. Click Done when you see the Enrollment Complete message.

    The Managed Software Center (if it's configured by your admin) and a shortcut to the Identity User Portal are now available in the Applications folder and the Launchpad.

    The next time you log in to the User Portal, your Mac device appears on the Devices page and you can send commands to it (see Send commands to devices for the commands information).

  9. Log out of the Mac device and then log back in to benefit from single sign-on to the user portal.

  10. (Optional) Verify the successful enrollment by viewing CyberArk Identity profiles.

    The enrollment process installs the following profiles (found in System Preferences > Profiles).

    Profile

    Settings

    CyberArk Identity

    Mobile Device Management (MDM)

    SCEP (Simple Certificate Enrollment Process) Enrollment Request.

    Trust Profile for CyberArk Customer <customer ID>

    Certificate

    ZSO Cert Issuing Authority

    Certificate

    ZSO User Cert

    Certificate

    Managed Preferences
    When you open the User Portal after installing the Mac Cloud Agent, your browser requests access to key “Configuration Profiles”. For example, Safari shows the following prompt.

    Click Allow or Always Allow to finish configuring your browser for ZSO for either this session or as long as you are enrolled, respectively.

  1. Open a browser and log in to CyberArk Identity user portal.

    A prompt appears asking if you want to enroll your device.

    If you are not prompted to enroll and Mac device enrollment is permitted by your admin, Click the Devices tab, then click Add Devices.

  2. Click Enroll My Mac in the Enroll your Mac with CyberArk prompt or Add Devices pop up window.

    The Mac Cloud Agent download begins (CIS-Mac-Agent.dmg).

  3. Open the CIS-Mac-Agent.dmg file, then double-click the CIS-Mac-Agent.pkg file.

    The installer for Mac Cloud Agent opens.

  4. Click through the on-screen instructions, agreeing to the software license agreement and entering administrator credentials when necessary.

    After the installation completes, you can choose to launch the agent.

  5. Select Launch Idaptive Agent, then click Continue.

    The Sign In window appears.

  6. Enter the credentials for the user you want to enroll as, then click Next.

    Enter credentials for the same user currently logged in to the Mac for that user to benefit from single sign-on to the Managed Software Center and the Identity User Portal.

    The welcome screen appears.

  7. Click Enroll to enroll the device for the user that is signed in to the Mac Cloud Agent.

    The Mac Cloud Agent begins the enrollment process. Because the Mac Cloud Agent needs to authenticate as an admin and the profiles make changes to System Preferences, you will be prompted to enter your computer admin credentials to proceed. Enter your admin credentials when required and click OK to continue the enrollment process.

  8. Click Done when you see the Enrollment Complete message.

    The Managed Software Center (if it's configured by your admin) and a shortcut to the Identity User Portal are now available in the Applications folder and the Launchpad.

  9. Open System Preferences, then click Profiles.

  10. Select CyberArk Identity profile from the list of downloaded profiles, then click Install... and confirm the installation, entering your admin credentials as needed.

  11. Log out of the Mac device and then log back in to benefit from single sign-on to the user portal.

  12. (Optional) Verify the successful enrollment by viewing CyberArk Identity profiles.

    The enrollment process installs the following profiles (found in System Preferences > Profiles).

    Profile

    Settings

    CyberArk Identity

    Mobile Device Management (MDM)

    SCEP (Simple Certificate Enrollment Process) Enrollment Request.

    Trust Profile for CyberArk Customer <customer ID>

    Certificate

    ZSO Cert Issuing Authority

    Certificate

    ZSO User Cert

    Certificate

    Managed Preferences
    When you open the User Portal after installing the Mac Cloud Agent, your browser requests access to key “Configuration Profiles”. For example, Safari shows the following prompt.

    Click Allow or Always Allow to finish configuring your browser for ZSO for either this session or as long as you are enrolled, respectively.