Guides
ProductDeveloperPartnerPersonal
ProductDeveloperPartnerPersonal

Customize macOS Installation of Cisco Secure Client

Managed device manager (MDM) systems can customize the installation of the Cisco Secure Client with various modules on macOS. Secure Client has the option to install with pre-configured Umbrella profiles and to hide modules. Modify Secure Client deployment disk image (DMG) file to select the modules to install with the client.

This guide describes how to deploy Secure Client with only the Umbrella Roaming Security and DART (for diagnostics) modules. The instructions do not include the steps to add the VPN module. For more information, see Customize AnyConnect Module Installation on MAC Endpoints.

By default, Secure Client deploys with the VPN module. To deploy Secure Client with the Umbrella Roaming Security module from the CLI or MDM, an XML configuration is required. Use a transform (ACTransforms.xml) to deploy the Secure Client without the VPN capabilities.

Table of Contents

Requirements

  • macOS version 10.14.6 or newer
  • Cisco Secure Client 5.0 or newer
  • Administrative permissions on the macOS device
  • (Optional) macOS MDM permissions

Prerequisites

Procedure

Choose the modules to install with Secure Client on a macOS device.

Step 1 – Make the DMG Package Writeable

Use Disk Utility or hdiutil to change the permissions on the DMG package from Read Only to Read/Write.

  1. Open a Terminal and set the DMG file to Read/Write. Make sure you are in the Downloads folder when running this command.
hdiutil convert cisco-secure-client-macos-<version>-predeploy-k9.dmg -format UDRW -o csc-writeable.dmg
hdiutil attach csc-writeable.dmg

Where <version> is the current version number of Secure Client.

Step 2 – Generate the Module Installation Configuration File

Generate Secure Client module configuration file. The configuration file defines the modules to include with the installation of Secure Client.

  1. Open a Terminal and launch the DMG from /Volumes. 
open /Volumes/Cisco\ Secure\ Client\<version>
  1. Run installer providing the pkg option with the name of the Secure Client package and the showChoiceChangesXML option. Redirect the output to install_choices.xml to generate the installation configuration file.
installer -pkg /volumes/Cisco\ Secure\ Client\<version>/Cisco\ Secure\ Client.pkg -showChoiceChangesXML > ~/Downloads/install_choices.xml

Where <version> is the current version number of Secure Client.

Step 3 – Copy OrgInfo.json to Cisco Secure Client Installation Directory

  1. Open a Terminal and launch the DMG from /Volumes/Profiles.
cd /Volumes/Cisco\ Secure\ Client\<version>/Profiles/Umbrella/

Where <version> is the current version number of Secure Client.

  1. Drag the OrgInfo.json file that you downloaded from Secure Access to Volumes/Profiles.

Step 4 – (Optional) Hide the VPN Module

To hide the display of the Cisco Secure Client VPN module in the client GUI, modify ACTransforms.xml.

  1. Open a Terminal and launch the ACTransforms.xml file from /Volumes.
open -e /Volumes/Cisco\ Secure\ Client\<version>/Profiles/ACTransforms.xml

Where <version> is the current version number of Secure Client.

  1. Remove the XML comments around the Transforms element, and then save ACTransforms.xml.
<Transforms>
<DisableVPN>true</DisableVPN>
<DisableCustomerExperienceFeedback>true</DisableCustomerExperienceFeedback>
</Transforms>

Step 5 – Customize the Cisco Secure Client Installation Modules

Edit install_choices.xml created in Step 2 – Generate the Module Installation Configuration File. Either skip or install the Secure Client modules defined in the configuration file.

  • To skip a module, define the module with 0.
  • To install a module, define the module with 1.

Note: Modifying choice_vpn does not supersede the changes that you made to ACTransforms.xml. The VPN module is required, even if the module is not displayed in the client GUI.

  1. Open a Terminal and launch install_choices.xml.
  2. Define an integer XML element for each module and assign to 0 or 1, and then save install_choices.xml.
cd /Volumes
open -e ~/Downloads/install_choices.xml

Example – Customize Cisco Secure Client Modules

In the following example, the Core VPN, Umbrella, and DART modules are set to 1 and are included in the Secure Client installation.

Note: The modules listed are subject to change. Follow Step 2 and Step 5 to extract your XML file from the target version .pkg and modify it to install the desired modules, such as Core VPN, Umbrella, and DART.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_anyconnect_vpn</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_anyconnect_vpn</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>1</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_anyconnect_vpn</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_fireamp</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_fireamp</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_fireamp</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_dart</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_dart</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>1</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_dart</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_secure_firewall_posture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_secure_firewall_posture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_secure_firewall_posture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_iseposture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_iseposture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_iseposture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_nvm</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_nvm</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_nvm</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_secure_umbrella</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_secure_umbrella</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>1</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_secure_umbrella</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_thousandeyes</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_thousandeyes</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_thousandeyes</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_duo</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_duo</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_duo</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_zta</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_zta</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_zta</string>
	</dict>
</array>
</plist>

Step 6 – Set Up the Correct Extension Permission Settings

  1. By default, macOS requires the user to accept the activation of a new System Extension. As a result, the user is presented with a popup. An MDM is required to approve the Secure Client system extension and disable the pop-up, using a management profile’s SystemExtensions payload. For more information on System Extensions payloads, see System Extensions.
  2. Follow the payload guidance in Secure Client Extension Approval using MDM to deploy the System Extension settings.

Step 7 – Install Cisco Secure Client with Selected Modules

Install Secure Client with the configured modules.

  1. Open a Terminal and mount the DMG from /Volumes.
cd ~/Downloads
diskutil eject Cisco\ Secure\ Client\<version>
hdiutil convert csc-writeable.dmg -format UDRO -o csc-readable.dmg

Where <version> is the current version number of Secure Client.

  1. Run installer providing the pkg option with the name of the Secure Client package and the applyChoiceChangesXML option with install_choices.xml. Make sure you are still in the /Volumes directory when running this command.
hdiutil attach ~/Downloads/csc-readable.dmg
sudo installer -pkg Cisco\ Secure\ Client\<version>/Cisco\ Secure\ Client.pkg -applyChoiceChangesXML ~/Downloads/install_choices.xml -target /

Where <version> is the current version number of Secure Client.

[Customize Windows Installation of Cisco Secure Client](doc: customize-windows-installation-of-cisco-secure-client) < Customize macOS Installation of Cisco Secure Client > Active Directory Policy Enforcement and Identities

Updated about 2 months ago