Deploy Netskope Client for Mac using Jumpcloud MDM

Silently deploy the Netskope Client on Mac devices using IdP enrollment mode with Jumpcloud MDM.

Prerequisite:
SAML Forward Proxy integration with Jumpcloud as an IDP must be configured prior to deploying the Netskope Client

Configuration Steps

1 - Install Netskope Certificates

Download both certificates from the Netskope Tenant on Settings > Manage > Certificates > Signing CA:


Jumpcloud allows you to choose only one certificate per policy.

Follow the steps in Create a Mac or iOS Install Certificate Policy and create two certificate policies on Jumpcloud: one for the Netskope Root Certificate and one for the Netskope Intermediate Certificate.

 



Approve System Extension and Network Extension

Create a new Jumpcloud policy following the steps in Create Mac System Extension Policy to approve the System Extension, and use the following details on the policy:

In the latest OS versions, it is necessary to check the System Extension option "Approve System Extension and Network Extension" in the policy.
 

Team ID: 24W52P9M7W

 

Bundle IDs:

 com.netskope.client.Netskope-Client.NetskopeClientMacAppProxy

com.netskope.client.Netskope-Client.NetskopeClientMacDNSProxy

 



Filter Data Provider Bundle ID:

 

com.netskope.client.Netskope-Client

 

Filter Data Provider Designated Requirement:

 

anchor apple generic and identifier "com.netskope.client.Netskope-Client" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "24W52P9M7W")

 


VPN Profile

 

Create a Jumpcloud Custom MDM Profile to deploy the VPN Profile following the steps in Create a Mac or iOS MDM Custom Configuration Profile Policy, and use the NetskopeClient.mobileconfig file attached to this article.

 


 











Full Disk Access to Netskope Client (Needed for macOS Sonoma)

Create an Application Privacy Preferences Profile Policy on Jumpcloud following the steps in Create a Mac Application Privacy Preferences Policy, and use the following details on the policy:

 

Code Requirement:

 anchor apple generic and identifier "com.netskope.client.Netskope-Client.NetskopeClientMacAppProxy" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "24W52P9M7W")

 

Identifier:

 com.netskope.client.Netskope-Client.NetskopeClientMacAppProxy

 

Identifier Type:

 BundleID


 


Full Disk Access to Endpoint DLP

Create an Application Privacy Preferences Profile Policy on Jumpcloud following the steps in Create a Mac Application Privacy Preferences Policy, and use the following details on the policy:

 

Code Requirement:

 anchor apple generic and identifier "com.netskope.epdlp.client" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "24W52P9M7W")

 

Identifier:

 com.netskope.epdlp.client

 

Identifier Type:

 BundleID
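The two Full Disk Access policies above only take effect if the Code Requirement reaches the device exactly as written; spaces lost in copy/paste make the requirement invalid. The following check is an added example, not part of the original article or Netskope/JumpCloud tooling: it assumes the resulting profile is available as a `.mobileconfig` plist using Apple's Privacy Preferences Policy Control payload keys, and the function names and the sample profile are constructed for illustration.

```python
import plistlib
import re

TEAM_ID = "24W52P9M7W"  # Team ID given in this article
TCC_TYPE = "com.apple.TCC.configuration-profile-policy"  # Apple PPPC payload type
EXPECTED = {"com.netskope.client.Netskope-Client.NetskopeClientMacAppProxy",
            "com.netskope.epdlp.client"}  # Full Disk Access identifiers above
REQ = ('anchor apple generic and identifier "{0}" and (certificate leaf'
       '[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1'
       '[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf'
       '[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf'
       '[subject.OU] = "' + TEAM_ID + '")')

def check_entry(entry):
    """Return the problems found in one SystemPolicyAllFiles entry."""
    ident, req = entry.get("Identifier", ""), entry.get("CodeRequirement", "")
    problems = []
    if entry.get("IdentifierType", "").lower() != "bundleid":
        problems.append("IdentifierType is not bundleID")
    match = re.search(r'\bidentifier\s+"([^"]+)"', req)
    if not match or match.group(1) != ident:
        problems.append("identifier clause missing or not equal to Identifier")
    if f'certificate leaf[subject.OU] = "{TEAM_ID}"' not in req:
        problems.append("Team ID clause missing or mangled")
    if re.search(r"certificate(leaf|\d)", req):
        problems.append("spaces lost in copy/paste")
    return problems

def audit_profile(data):
    """Map each Full Disk Access identifier in a profile to its problems."""
    report = {}
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") == TCC_TYPE:
            for entry in payload.get("Services", {}).get("SystemPolicyAllFiles", []):
                report[entry.get("Identifier", "?")] = check_entry(entry)
    for missing in EXPECTED - set(report):
        report[missing] = ["no Full Disk Access entry in profile"]
    return report

def sample_profile(idents, damage=False):
    """Constructed sample profile; damage=True mimics spaces lost in copy/paste."""
    entries = []
    for ident in idents:
        req = REQ.format(ident)
        if damage:
            req = req.replace(" leaf", "leaf").replace('identifier "', 'identifier"')
        entries.append({"Identifier": ident, "IdentifierType": "bundleID",
                        "CodeRequirement": req, "Allowed": True})
    payload = {"PayloadType": TCC_TYPE, "Services": {"SystemPolicyAllFiles": entries}}
    return plistlib.dumps({"PayloadContent": [payload]})
```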

 


 


Manage Login Items

Create a Mac Managed Login Items Policy on Jumpcloud following the steps in Create a Mac Managed Login Items Policy, and use the following details on the policy:

 

Rule Type:

Team Identifier

 

Rule Value:

 24W52P9M7W

 


Installation Script Command


Remediation Script for IdP enrollment" section and update the spDomain and spTenant variables at the beginning of the script with the proper details of the tenant.

  • If Secure Enrollment is enabled, replace the authentication and encryption enrollment tokens with the tokens generated on the tenant webUI:

    • enrollencryptiontoken=<encryption token>

    • enrollauthtoken=<authentication token>

    If secure enrollment is not enabled, the following values are displayed in the script:

    • enrollencryptiontoken=0

    • enrollauthtoken=0

Script: I have attached the Installation Command in the article with the name "NetksopeInstallationScript".

Thank you
