Customize macOS Installation of Cisco Secure Client
Managed Device Manager systems can customize the installation of the Cisco Secure Client with various modules on macOS. Cisco Secure Client offers the flexibility to install with preconfigured Umbrella profiles and to hide modules if needed. To select the modules for installation, modify the Cisco Secure Client .dmg file accordingly.
By default, the Cisco Secure Client is deployed with the VPN module. To deploy the Cisco Secure Client with the Umbrella Roaming Security module via CLI or MDM, an XML configuration is required. Use a transform file (ACTransforms.xml) to deploy the Cisco Secure Client without VPN capabilities.
Contents
- Procedure
- Step 1 – Make the DMG Package Writeable
- Step 2 – Generate the Module Installation Configuration File
- Step 3 – Copy OrgInfo.json to Cisco Secure Client Installation Directory
- Step 4 – (Optional) Hide the VPN Module
- Step 5 – Customize the Cisco Secure Client Installation Modules
- Step 6 – Set Up the Correct Extension Permission Settings
- Step 7 – Install Cisco Secure Client with Selected Modules
Procedure
Choose the modules to install with the Cisco Secure Client on a macOS device.
Step 1 – Make the .dmg Package Writeable
Use disk utility or hdiutil to change the permissions in the .dmg package from Read Only to Read/Write.
- Open a Terminal and set the .dmg file to Read/Write. Make sure you are in the Downloads folder when running the following command:
hdiutil convert cisco-secure-client-macos-<version>-predeploy-k9.dmg -format UDRW -o csc-writeable.dmg
hdiutil attach csc-writeable.dmg
Here, refers to the current version number of Cisco Secure Client.
Step 2 – Generate the Module Installation Configuration File
Generate the Cisco Secure Client module configuration file. The configuration file defines the modules to be included with the installation of Secure Client.
- Open a terminal and launch the .dmg file from /Volumes.
open /Volumes/Cisco\ Secure\ Client\ <version>
Here, refers to the current version number of Cisco Secure Client.
- Run installer which provides
pkg
option with the name of the Cisco Secure Client package and theshowChoiceChangesXML
option. Redirect the output to install_choices.xml to generate the installation configuration file.
installer -pkg /volumes/Cisco\ Secure\ Client\ <version>/Cisco\ Secure\ Client.pkg -showChoiceChangesXML > ~/Downloads/install_choices.xml
Here, refers to the current version number of Cisco Secure Client.
Step 3 – Copy OrgInfo.json to Cisco Secure Client Installation Directory
- Open a terminal and launch the .dmg from /Volumes/Profiles.
cd /Volumes/Cisco\ Secure\ Client\ <version>/Profiles/Umbrella/
Here, refers to the current version number of Cisco Secure Client.
- Drag and drop the OrgInfo.json file that you downloaded from Secure Access to Volumes/Profiles.
Step 4 – (Optional) Hide the VPN Module
To hide the Secure Client VPN module in the client GUI, modify ACTransforms.xml.
- Open a terminal and launch the ACTransforms.xml file from /Volumes.
open -e /Volumes/Cisco\ Secure\ Client\ <version>/Profiles/ACTransforms.xml
- Remove the XML comments around the
Transforms
element, and then save ACTransforms.xml.
<Transforms>
<DisableVPN>true</DisableVPN>
<DisableCustomerExperienceFeedback>true</DisableCustomerExperienceFeedback>
</Transforms>
Step 5 – Customize the Cisco Secure Client Installation Modules
Edit install_choices.xml created in Step 2 – Generate the Module Installation Configuration File. You can either skip or install the Secure Client modules defined in the configuration file.
- To skip a module, define the module with
0
. - To install a module, define the module with
1
.
Note: Modifying choice_vpn
does not supersede the changes that you made to ACTransforms.xml. The VPN module is required, even if the module is not displayed in the client GUI.
- Open a terminal and launch install_choices.xml.
- Define an integer XML element for each module and assign to
0
or1
, and then save install_choices.xml.
cd /Volumes
open -e ~/Downloads/install_choices.xml
Sample Customization
In the following example, the Core VPN, Umbrella, and DART modules are set to 1
and are included in the Secure Client installation.
Note: The modules listed are subject to change. Follow Step 2 and Step 5 to extract your XML file from the target version .pkg and modify it to install the crossponding modules, such as Core VPN, Umbrella, and DART.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_anyconnect_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_anyconnect_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_anyconnect_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_fireamp</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_fireamp</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_fireamp</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_secure_firewall_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_secure_firewall_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_secure_firewall_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_nvm</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_nvm</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_nvm</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_secure_umbrella</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_secure_umbrella</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_secure_umbrella</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_thousandeyes</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_thousandeyes</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_thousandeyes</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_duo</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_duo</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_duo</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_zta</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_zta</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_zta</string>
</dict>
</array>
</plist>
Step 6 – Set Up the Correct Extension Permission Settings
- By default, macOS requires users to accept the activation of a new system extension. As a result, users are presented with a dialog box. The Managed Device Manager is required to approve the Cisco Secure Client system extension and disable the dialog box using a management profile’s system extensions paylo ad. For more information about this, see System Extensions.
- Follow the payload guidance provided in Extension Approval using MDM to deploy the system extension settings.
Step 7 – Install Secure Client with Selected Modules
Install Secure Client with the configured modules.
- Open a terminal and mount the .dmg from /Volumes.
cd ~/Downloads
diskutil eject Cisco\ Secure\ Client\ <version>
hdiutil convert csc-writeable.dmg -format UDRO -o csc-readable.dmg
Here, refers to the current version number of Cisco Secure Client.
- Run the installer which provides the
pkg
option along with the name of the Cisco Secure Client package and theapplyChoiceChangesXML
option with install_choices.xml. Make sure you are still in the /Volumes directory when running this command.
hdiutil attach ~/Downloads/csc-readable.dmg
sudo installer -pkg Cisco\ Secure\ Client\ <version>/Cisco\ Secure\ Client.pkg -applyChoiceChangesXML ~/Downloads/install_choices.xml -target /
Here, refers to the current version number of Cisco Secure Client.
Mass Deployment (macOS) < Customize macOS Installation of Cisco Secure Client > VPN Headend Deployment
Updated about 16 hours ago