# Nightfall macOS Agent Deployment: JumpCloud MDM

### Overview

This guide provides instructions for deploying the Nightfall AI Endpoint Agent to macOS devices via JumpCloud MDM using the `mdm_jumpcloud_deploy.sh` script.

The script is an all-in-one solution that handles config provisioning, installation, and ongoing health monitoring. When scheduled as a recurring JumpCloud command, it ensures the agent stays installed and running without manual intervention.

### Prerequisites

Before you begin, ensure you have:

* JumpCloud admin access with macOS devices enrolled
* A JumpCloud device group scoped to the macOS devices you want to monitor
* Deployment assets:
  * Configuration Profile: `NightfallAI_Profile_with_Browser_Extensions.mobileconfig`
  * Deployment script: `mdm_jumpcloud_deploy.sh`
  * Installer package: `nightfall-ai-agent-signed.pkg`

| Asset                                                        | Purpose                                                                                                                                                                                                                                   |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| NightfallAI\_Profile\_with\_Browser\_Extensions.mobileconfig | Pre-authorizes macOS permissions required by the Nightfall agent (Full Disk Access, System Events, Automation) and silently installs/enables the Nightfall browser extension. Prevents user prompts and tampering with security controls. |
| mdm\_jumpcloud\_deploy.sh                                    | Creates the agent configuration file, installs the .pkg if the agent is missing, and verifies services are running on every scheduled execution.                                                                                          |
| nightfall-ai-agent-signed.pkg                                | Signed installer package for the Nightfall AI Endpoint Agent.                                                                                                                                                                             |

> Note: The Nightfall agent will only install correctly if the required `.mobileconfig` profile has been deployed beforehand.

***

### Step 1: Connect JumpCloud to Nightfall

1. Log in to `app.nightfall.ai` and navigate to **Settings > MDM Profile**.
2. Select **JumpCloud** from the list of supported MDM providers.
3. Complete the OAuth flow to grant Nightfall read-only access to your JumpCloud device and user directory. This maps JumpCloud user identities to devices in the Nightfall console automatically.

***

### Step 2: Deploy the MDM Profile <a href="#rci" id="rci"></a>

1. In JumpCloud Admin Portal, navigate to **Device Management** → **Policy Management**.
2. Create a new MDM Custom Configuration Profile.
   1. Click the **+ button** → select the **Mac** tab → select **MDM Custom Configuration Profile** → click **Configure**.
      * Policy Name: (Name the new policy)
      * Mobile Configuration File: Click the upload file button
      * From **mac\_bundle** → **profiles** → select `NightfallAI_Profile_with_Browser_Extensions.mobileconfig`
      * (Optional) On the **Policy Groups** tab, select any desired groups.
      * On the **Device Groups** tab, select the group of devices to deploy to, or choose an individual test device from the **Devices** tab.
3. Click Save and confirm the devices receive the profile.

### Step 3: Create the Deployment Command <a href="#rcs" id="rcs"></a>

1. In JumpCloud Admin Console, navigate to **Device Management** → **Commands** → **+ Command** → **Command**.
   1. Type: Mac
   2. Paste the contents of **mac\_bundle** folder → **mdm\_scripts** folder → `mdm_jumpcloud_deploy.sh` as the command body.
   3. Command Name: (Name the command)
   4. Run As: root
   5. Event: (Recommend Run as Repeating → Day)
      1. If scheduled as **Run as Repeating**, set the **Days** and Run at time.
   6. Click **+ File** → select **mac\_bundle** folder → select `nightfall-ai-agent-signed.pkg` → click **Open**
   7. Click the **Save** button
2. From the **Device Groups** tab, select the group (same group as Step 1).

{% hint style="warning" %}
Note the file path shown after upload. If it differs from the default `/tmp/nightfall-ai-agent-signed.pkg`, update `PKG_PATH` in the script to match.
{% endhint %}

3. Save and run by pressing Run Now.

### Exit codes

<table data-header-hidden><thead><tr><th width="166.94921875"></th><th></th></tr></thead><tbody><tr><td><strong>Code</strong></td><td><strong>Meaning</strong></td></tr><tr><td>0</td><td>Success (installed, repaired, or already healthy)</td></tr><tr><td>1</td><td>Not running as root</td></tr><tr><td>2</td><td>Credentials not populated (script still contains placeholders)</td></tr><tr><td>3</td><td>Package file not found at PKG_PATH</td></tr><tr><td>4</td><td>Package installation failed</td></tr><tr><td>5</td><td>Required MDM configuration profile not installed</td></tr><tr><td>6</td><td>Health check completed with unresolved errors</td></tr></tbody></table>

### Step 4: Monitor and Verify <a href="#rdq" id="rdq"></a>

* JumpCloud console: Check **Commands** → **Results** for the command's exit code and output after execution.
* Verify the agent is running:
  * Open **Activity Monitor** → **CPU** and search for "Nightfall". Two processes should be running — one as root (daemon) and one as the logged-in user (agent).
* Verify the endpoint is communicating with Nightfall:
  * In the Nightfall web console, navigate to **Integrations → macOS → Manage**.
  * Confirm the device is listed with Agent Status = **Connected**.
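
A command-line equivalent of the Activity Monitor check above, which can be run as root on a device or from a one-off JumpCloud command. This is an added example, not part of Nightfall's scripts. It assumes the agent processes carry "nightfall" in their executable name (the same term searched for in Activity Monitor), and the sample process paths are constructed.

```shell
#!/bin/sh
# Added example: verify that both Nightfall processes described in Step 4 exist.
# Input (stdin): lines in `ps -axo user=,comm=` format (owner, then executable).
# Assumption: agent executables contain "nightfall" (any case) in their name.
# The return status is this example's own (0 healthy, 1 otherwise); it is
# unrelated to the deployment script's exit codes.
nightfall_process_check() {
    awk '
        {
            owner = $1
            # Keep everything after the owner: macOS paths may contain spaces.
            cmd = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", cmd)
            if (tolower(cmd) !~ /nightfall/) next
            if (owner == "root") as_root++
            else as_user++
        }
        END {
            if (as_root > 0 && as_user > 0) {
                print "healthy: root daemon and user agent both running"
                exit 0
            }
            if (as_root > 0) {
                print "degraded: root daemon running, no user-level agent"
            } else if (as_user > 0) {
                print "degraded: user agent running, root daemon missing"
            } else {
                print "missing: no Nightfall processes found"
            }
            exit 1
        }
    '
}

# Constructed sample input (not real install paths), for offline testing.
sample_ps_output() {
    printf '%s\n' \
        'root     /usr/libexec/logd' \
        'root     /Library/Example Dir/ExampleNightfallDaemon' \
        'alice    /Applications/Example.app/Contents/MacOS/ExampleNightfallAgent' \
        'alice    /usr/bin/ssh-agent'
}

# Check the live process table only when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    ps -axo user=,comm= | nightfall_process_check
fi
```

A "degraded: root daemon running, no user-level agent" result is expected on a device where nobody is logged in, since the agent runs as the logged-in user.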

### Uninstalling <a href="#re1" id="re1"></a>

To remove the Nightfall agent from devices, run `mdm_nightfall_ai_agent_uninstall.sh` as a one-time JumpCloud command:

1. Create a new **Command** in JumpCloud.
2. Paste the contents of `mdm_nightfall_ai_agent_uninstall.sh` as the command body.
3. Assign to the target devices and run.

