# Nightfall macOS Agent Deployment: JumpCloud MDM

### Overview

This guide provides instructions for deploying the Nightfall AI Endpoint Agent to macOS devices via JumpCloud MDM using the `mdm_jumpcloud_deploy.sh` script.

The script is an all-in-one solution that handles config provisioning, installation, and ongoing health monitoring. When scheduled as a recurring JumpCloud command, it ensures the agent stays installed and running without manual intervention.

### Prerequisites

Before you begin, ensure you have:

* JumpCloud admin access with macOS devices enrolled
* A JumpCloud device group scoped to the macOS devices you want to monitor
* Deployment assets:
  * Configuration Profile: `NightfallAI_Profile_with_Browser_Extensions.mobileconfig`
  * Deployment script: `mdm_jumpcloud_deploy.sh`
  * Installer package: `nightfall-ai-agent-signed.pkg`

| Asset                                                        | Purpose                                                                                                                                                                                                                                   |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| NightfallAI\_Profile\_with\_Browser\_Extensions.mobileconfig | Pre-authorizes macOS permissions required by the Nightfall agent (Full Disk Access, System Events, Automation) and silently installs/enables the Nightfall browser extension. Prevents user prompts and tampering with security controls. |
| mdm\_jumpcloud\_deploy.sh                                    | Creates the agent configuration file, installs the .pkg if the agent is missing, and verifies services are running on every scheduled execution.                                                                                          |
| nightfall-ai-agent-signed.pkg                                | Signed installer package for the Nightfall AI Endpoint Agent.                                                                                                                                                                             |

> Note: The Nightfall agent will only install correctly if the required `.mobileconfig` profile has been deployed beforehand.

***

### Step 1: Connect JumpCloud to Nightfall

1. Log in to `app.nightfall.ai` and navigate to **Settings > MDM Profile**.
2. Select **JumpCloud** from the list of supported MDM providers.
3. Complete the OAuth flow to grant Nightfall read-only access to your JumpCloud device and user directory. This maps JumpCloud user identities to devices in the Nightfall console automatically.

***

### Step 2: Deploy the MDM Profile <a href="#rci" id="rci"></a>

1. In JumpCloud Admin Portal, navigate to **Device Management** → **Policy Management**.
2. Create a new MDM Custom Configuration Profile.
   1. Click the **+ button** → select the **Mac** tab → select **MDM Custom Configuration Profile** → click **Configure**
      * Policy Name: (Name the new policy)
      * Mobile Configuration File: Click the upload file button
      * From **mac\_bundle** → **profiles** → select `NightfallAI_Profile_with_Browser_Extensions.mobileconfig`
      * (Optional) On the **Policy Groups** tab, select any desired groups.
      * On the **Device Groups** tab, select the chosen group of devices to deploy to, or choose an individual test device from the **Devices** tab.
3. Click Save and confirm the devices receive the profile.

### Step 3: Create the Deployment Command <a href="#rcs" id="rcs"></a>

1. In JumpCloud Admin Console, navigate to **Device Management** → **Commands** → **+ Command** → **Command**.
   1. Type: Mac
   2. Paste the contents of **mac\_bundle** folder → **mdm\_scripts** folder → `mdm_jumpcloud_deploy.sh` as the command body.
   3. Command Name: (Name the command)
   4. Run As: root
   5. Event: (Recommended: Run as Repeating → Day)
      1. If scheduled as **Run as Repeating**, set the **Days** and **Run at** time.
   6. Click **+ File** → select **mac\_bundle** folder → select `nightfall-ai-agent-signed.pkg` → click **Open**
   7. Click the **Save** button
2. From the **Device Groups** tab, select the group (same group as Step 1).

{% hint style="warning" %}
Note the file path shown after upload. If it differs from the default `/tmp/nightfall-ai-agent-signed.pkg`, update `PKG_PATH` in the script to match.
{% endhint %}

3. Save and run by pressing Run Now.
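
Because the command runs as root and installs whatever file sits at `PKG_PATH` (by default under `/tmp`), a signer check before installation is a useful guard. The following is an added example, not part of Nightfall's script: the function name, its return codes and the Team ID are assumptions, and the sample `pkgutil` output is constructed.

```shell
#!/bin/sh
# Added example: confirm who signed the package before it is installed as root.
# Reads `pkgutil --check-signature <pkg>` output on stdin; $1 is the expected
# Apple Team ID (placeholder here; obtain the real value from the vendor).
# Returns 0 = trusted and Team ID matches, 1 = not trusted/unsigned,
#         2 = Team ID mismatch or no expected Team ID supplied.
pkg_signer_ok() {
    awk -v want="$1" '
        /^ *Status:/ {
            if ($0 ~ /signed by a developer certificate issued by Apple/) trusted = 1
        }
        /^ *1\. Developer ID Installer: / {
            # Team ID is the parenthesised token at the end of the leaf entry.
            if (match($0, /\([A-Z0-9]+\) *$/)) {
                team = substr($0, RSTART + 1, RLENGTH - 2)
                sub(/\).*/, "", team)
            }
        }
        END {
            if (!trusted)                   exit 1
            if (want == "" || team != want) exit 2
            exit 0
        }'
}

# Constructed sample output (signer name and Team ID are illustrative).
SAMPLE_PKGUTIL='Package "nightfall-ai-agent-signed.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor (ABCDE12345)'

# On a managed Mac, before the install step:
#   pkgutil --check-signature "$PKG_PATH" | pkg_signer_ok "TEAMID_PLACEHOLDER"
```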

### Exit codes

<table data-header-hidden><thead><tr><th width="166.94921875"></th><th></th></tr></thead><tbody><tr><td><strong>Code</strong></td><td><strong>Meaning</strong></td></tr><tr><td>0</td><td>Success (installed, repaired, or already healthy)</td></tr><tr><td>1</td><td>Not running as root</td></tr><tr><td>2</td><td>Credentials not populated (script still contains placeholders)</td></tr><tr><td>3</td><td>Package file not found at <code>PKG_PATH</code></td></tr><tr><td>4</td><td>Package installation failed</td></tr><tr><td>5</td><td>Required MDM configuration profile not installed</td></tr><tr><td>6</td><td>Health check completed with unresolved errors</td></tr></tbody></table>

### Step 4: Monitor and Verify <a href="#rdq" id="rdq"></a>

* JumpCloud console: Check **Commands** → **Results** for the command's exit code and output after execution.
* Verify the agent is running:
  * Open **Activity Monitor** → **CPU** and search for "Nightfall". Two processes should be running — one as root (daemon) and one as the logged-in user (agent).
* Verify the endpoint is communicating with Nightfall:
  * In the Nightfall web console, navigate to **Integrations → macOS → Manage**.
  * Confirm the device is listed with Agent Status = **Connected**.
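
The two-process check above can also be run from the command line across a fleet instead of through Activity Monitor. This is an added example, not Nightfall's own tooling: the function name and return codes are assumptions, processes are matched on the string "nightfall" as in the Activity Monitor search, and the sample process paths are constructed.

```shell
#!/bin/sh
# Added example: command-line version of the Step 4 process check.
# Reads `ps -axo user=,comm=` output on stdin; $1 is the console user.
# Returns 0 = healthy, 1 = root daemon missing, 2 = user agent missing.
# These codes are this example's own, not the deployment script's exit codes.
nightfall_process_check() {
    awk -v cu="$1" '
        {
            owner = $1
            $1 = ""                       # remainder of the line is the command path
            if (tolower($0) !~ /nightfall/) next
            if (owner == "root")    daemon++
            else if (owner == cu)   agent++
        }
        END {
            # With nobody logged in, the per-user agent is not expected to run,
            # so only the root daemon is required in that case.
            session = (cu != "" && cu != "root" && cu != "loginwindow")
            if (!daemon)           exit 1
            if (session && !agent) exit 2
            exit 0
        }'
}

# Constructed sample input (paths are illustrative, not the agent's real paths).
SAMPLE_PS='root /Library/Example/Nightfall/daemon
alice /Library/Example/Nightfall/agent
alice /Applications/Safari.app/Contents/MacOS/Safari'

# On a managed Mac, as root:
#   ps -axo user=,comm= | nightfall_process_check "$(stat -f%Su /dev/console)"
```

A return of 2 while a user is logged in points at the per-user agent rather than the daemon.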

### Uninstalling <a href="#re1" id="re1"></a>

To remove the Nightfall agent from devices, run `mdm_nightfall_ai_agent_uninstall.sh` as a one-time JumpCloud command:

1. Create a new **Command** in JumpCloud.
2. Paste the contents of `mdm_nightfall_ai_agent_uninstall.sh` as the command body.
3. Assign to the target devices and run.
