Nightfall macOS Agent Deployment: Rippling MDM

This document explains the process of installing Nightfall AI agent using the Rippling MDM.

Pre-requisites

  1. Target macOS devices are onboarded.

  2. On your Nightfall console, navigate to https://app.nightfall.ai/endpoint and click the Download Package button on the top right corner of the page. Click Download Package for macOS and unpack the contents of the downloaded file.

  3. In the downloaded folder, locate the README.md under /Profiles to learn about the various MDM profiles available.

    1. Choose the .mobileconfig profile that works best for your needs.

  4. Navigate to https://app.rippling.com/hardware/configurations and click “Add configurations”.

  5. Upload and save the config profile of your choice.

  6. Select Deploy from the three-dot context menu located on the far right of the first profile.

    • Select all employees or specific target devices.

    • Click Save.

  7. Repeat step 4 for each remaining profiles.

To install the Nightfall agent in stealth mode (without notifing the end-user), see Install Nightfall AI Agent for MAC OS.

mdm_pre_installation_script.sh

The script is used by MDMs to ensure that a macOS machine is in a clean state before installing the Nightfall Agent. It wipes any existing Nightfall installation and prepares a clean environment for a new install, including:

  • Loading API keys

  • Rebuilding folders

  • Resetting launch daemons

NightfallAI_Profile_with_Browser_Extension.mobileconfig

This profile is designed to pre-authorize and enable what the Nightfall Endpoint Agent requires on a macOS machine without needing user prompts.

  • Silently installs/enables the Nightfall browser extension

  • Allows the extension to run without prompts

  • Authorizes required permissions (content inspection, file uploads, scanning)

  • Grants macOS Privacy Permissions required by Nightfall:

    • Full Disk Access (FDA)

    • System Events/Automation Permissions

    • Application Control Permissions

  • Configures the payloads for browser + system integration

  • Prevents users from tampering with the security controls

1

Step 1 - Create & Deploy Profiles

In this step, you will create a custom profile for each of the profiles provided in your Nightfall endpoint payload.

  1. Locate NightfallAI_Profile_with_Browser_Extensions.mobileconfig in the downloaded Nightfall Endpoint payload package.

  2. Navigate to https://app.rippling.com/hardware/configurations and click Add configurations.

  3. Upload and save provided config profiles.

    • Drop or select NightfallAI_Profile_with_Browser_Extensions.mobileconfig.

    • Configuration name: “Nightfall AI Agent Profile”

    • Configuration description: “Nightfall AI Agent profile”

    • Platform: “macOS”

    • Click Save & continue.

  4. Select Deploy from the three-dot context menu located on the far right of the first profile.

    • Select all employees or specific target devices.

    • Click Save.

2

Step 2 - Configure & Deploy Software Package

Step 2.1 - Create & Configure the Software Package

  1. Navigate to: https://app.rippling.com/hardware/software

  2. Click Upload Software on the right of the page.

    • Name: “Nightfall Endpoint DLP Agent <version>

      • <version> is the version of the package your received from Nightfall.

    • Operating System: “macOS”

    • Category: “My Uploads” (Default)

    • Description: “Nightfall Endpoint DLP Agent”.

    • Upload Icon: use the .png icon file provided.

    • Upload Installer File: drop or select the provided nightfall-ai-agent-signed.pkg file.

    • Install-check script: provided in your package as mdm_pre_install_check_script.sh

    • Pre-install script: provided in your package as mdm_pre_installation_script.sh

    • Click Submit.

    • Click Add on the newly created Software Item.

    • Click Finished Selecting.

Step 2.2 - Deploy the Nightfall Endpoint DLP Agent

  1. Search or scroll to the newly added item matching the name you used in the previous step.

    a. Click Edit.

    i. Select all employees or specific target devices.

ii. Click Save.

The Nightfall Endpoint DLP Agent will now deploy to all selected target devices. This may take up to 72 hours and is dependent on the endpoint devices being turned on, connected, and pre-requisite profiles deployed.

Upgrading to a New Version

The below describes the steps to upgrade endpoints with a new version of the agent:

  1. Search or scroll to the old version of the Nightfall Endpoint DLP Agent and click “Edit”.

    a. Remove all devices from the installation list and click “Save”.

  2. Follow the steps to configure the new software package for the new version

  3. Follow these steps to deploy the new version.

The Nightfall Endpoint DLP Agent will now deploy to all selected target endpoints. Installation may take up to 48 hours and is dependent on the endpoint devices being turned on and connected.

PreviousNightfall macOS Agent Deployment: Kandji MDMNextInstall Nightfall AI Agent for Windows OS

Last updated

Was this helpful?