Nightfall macOS Agent Deployment: JumpCloud MDM

Overview

This guide provides instructions for deploying the Nightfall AI Endpoint Agent to macOS devices via JumpCloud MDM using the mdm_jumpcloud_deploy.sh script.

The script is an all-in-one solution that handles config provisioning, installation, and ongoing health monitoring. When scheduled as a recurring JumpCloud command, it ensures the agent stays installed and running without manual intervention.

Prerequisites

Before you begin, ensure you have:

  • JumpCloud admin access with macOS devices enrolled

  • A JumpCloud device group scoped to the macOS devices you want to monitor

  • Deployment assets:

    • Configuration Profile: NightfallAI_Profile_with_Browser_Extensions.mobileconfig

    • Deployment script: mdm_jumpcloud_deploy.sh

    • Installer package: nightfall-ai-agent-signed.pkg

Asset | Purpose
NightfallAI_Profile_with_Browser_Extensions.mobileconfig | Pre-authorizes macOS permissions required by the Nightfall agent (Full Disk Access, System Events, Automation) and silently installs/enables the Nightfall browser extension. Prevents user prompts and tampering with security controls.
mdm_jumpcloud_deploy.sh | Creates the agent configuration file, installs the .pkg if the agent is missing, and verifies services are running on every scheduled execution.
nightfall-ai-agent-signed.pkg | Signed installer package for the Nightfall AI Endpoint Agent.

Note: The Nightfall agent will only install correctly if the required .mobileconfig profile has been deployed beforehand.


Step 1: Connect JumpCloud to Nightfall

  1. Log in to app.nightfall.ai and navigate to Settings > MDM Profile.

  2. Select JumpCloud from the list of supported MDM providers.

  3. Complete the OAuth flow to grant Nightfall read-only access to your JumpCloud device and user directory. This maps JumpCloud user identities to devices in the Nightfall console automatically.


Step 2: Deploy the MDM Profile

  1. In JumpCloud Admin Portal, navigate to Device Management > Policy Management.

  2. Create a new MDM Custom Configuration Profile.

    1. Click the + button → select the Mac tab → select MDM Custom Configuration Profile → click Configure

      • Policy Name: (Name the new policy)

      • Mobile Configuration File: Click the upload file button

      • From mac_bundle → profiles → select NightfallAI_Profile_with_Browser_Extensions.mobileconfig

      • (Optional) On the Policy Groups tab, select any desired groups.

      • On the Device Groups tab, select the chosen group of devices to deploy to, or choose an individual test device from the Devices tab.

  3. Click Save and confirm the devices receive the profile.

Step 3: Create the Deployment Command

  1. In JumpCloud Admin Console, navigate to Device Management > Commands > + Command > Command.

    1. Type: Mac

    2. Paste the contents of mac_bundle folder → mdm_scripts folder → mdm_jumpcloud_deploy.sh as the command body.

    3. Command Name: (Name the command)

    4. Run As: root

    5. Event: (Recommend Run as Repeating → Day)

      1. If scheduled as Run as Repeating, set the Days and Run at time.

    6. Click + File → select mac_bundle folder → select nightfall-ai-agent-signed.pkg → click Open

    7. Click the Save button

  2. From the Device Groups tab, select the group (same group as Step 1).

  3. Save and run by pressing Run Now.

Exit codes

Code | Meaning
0 | Success (installed, repaired, or already healthy)
1 | Not running as root
2 | Credentials not populated (script still contains placeholders)
3 | Package file not found at PKG_PATH
4 | Package installation failed
5 | Required MDM configuration profile not installed
6 | Health check completed with unresolved errors

Step 4: Monitor and Verify

  • JumpCloud console: Check Commands > Results for the command's exit code and output after execution.

  • Verify the agent is running:

    • Open Activity Monitor > CPU and search for "Nightfall". Two processes should be running: one as root (daemon) and one as the logged-in user (agent).

  • Verify the endpoint is communicating with Nightfall:

    • In the Nightfall web console, navigate to Integrations → macOS → Manage.

    • Confirm the device is listed with Agent Status = Connected.
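
A scriptable version of the Activity Monitor check above, added here as an example and not part of the Nightfall deployment bundle. It assumes the agent's process names contain "Nightfall" (any case); the function names, the --live switch and the sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: checks the Step 4 expectation (one root daemon, one user agent).
# Assumption: agent process names contain "nightfall" in any case, matching
# the Activity Monitor search described in Step 4.

# Reads "USER COMMAND..." lines on stdin and prints "root=<n> user=<n>".
count_nightfall() {
    awk '{
        owner = $1
        $1 = ""    # match on the command only, never on the user name
        if (tolower($0) ~ /nightfall/) { if (owner == "root") r++; else u++ }
    }
    END { printf "root=%d user=%d\n", r, u }'
}

# Succeeds only when a root-owned daemon AND a user-owned agent are present.
nightfall_healthy() {
    case "$(count_nightfall)" in
        "root=0 "*|*" user=0") return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed samples of `ps -A -o user= -o comm=` output (paths are made up).
SAMPLE_OK='root /opt/example/Nightfall Daemon
alice /opt/example/Nightfall Agent
alice /usr/bin/ssh-agent'
SAMPLE_NO_AGENT='root /opt/example/Nightfall Daemon
alice /usr/bin/ssh-agent'

if [ "${1:-}" = "--live" ]; then
    # Live check on the Mac; comm= prints the executable, not its arguments,
    # so this script's own command line cannot match itself.
    if ps -A -o user= -o comm= | nightfall_healthy; then
        echo "Nightfall daemon and agent are both running"
    else
        echo "Nightfall daemon or agent is missing" >&2
        exit 1
    fi
else
    # Without --live, demonstrate the counts on the constructed samples.
    printf '%s\n' "$SAMPLE_OK" | count_nightfall
    printf '%s\n' "$SAMPLE_NO_AGENT" | count_nightfall
fi
```

The user-owned agent only exists while someone is logged in, so a device sitting at the login window will report the agent as missing even when the daemon is healthy.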

Uninstalling

To remove the Nightfall agent from devices, run mdm_nightfall_ai_agent_uninstall.sh as a one-time JumpCloud command:

  1. Create a new Command in JumpCloud.

  2. Paste the contents of mdm_nightfall_ai_agent_uninstall.sh as the command body.

  3. Assign to the target devices and run.
