Deploy SentinelOne Agent Using JumpCloud Commands (Windows, macOS, Linux)
This guide explains how to install the SentinelOne Endpoint Agent on Windows, macOS, and Linux devices using JumpCloud Commands.
Each command automatically downloads the installer, ensuring a clean and scalable deployment process.
Before deploying, ensure the following:
You have the SentinelOne Site Token.
Devices are enrolled in JumpCloud and online.
Do not rename or modify the SentinelOne installer filename.
This command downloads and installs the SentinelOne agent on Windows devices.
$siteToken="Your site token"
$installerTempLocation="C:\Windows\Temp\SentinelOneAgentInstaller.exe"
############### Do Not Edit Below This Line ###############
if (Get-Service "SentinelOneService" -ErrorAction SilentlyContinue) {
Write-Host "Sentinel One Agent already installed, nothing to do."
exit 0
}
Write-Host "Sentinel One Agent not installed."
if (-Not (Test-Path $installerTempLocation)) {
Write-Error "Installer not found at $installerTempLocation. Exiting."
exit 1
}
Write-Host "Installer found. Starting installation."
try {
& $installerTempLocation --dont_fail_on_config_preserving_failures -t $siteToken
}
catch {
Write-Error "Failed to run Sentinel One Agent installer."
exit 1
}
This command downloads the .pkg file, validates notarization, and installs the agent.
You can deploy the SentinelOne Agent Permissions policy directly from JumpCloud Policy Management. To grant the PPPC access for S1. After installing of agent.
Just open Policy Management, click the “+” icon, and configure the predefined policy named SentinelOne Agent Permissions to apply the required macOS access permissions.
#!/bin/bash
sentinelToken="Your Site Token"
pkgPath="/tmp/sentineloneagent.pkg"
# Check if already installed
if [[ -d /Applications/SentinelOne/ ]]; then
echo "Sentinel One Agent is already installed. Exiting..."
exit 0
fi
# Check if file exists
if [[ ! -f "$pkgPath" ]]; then
echo "Package not found at $pkgPath"
exit 1
fi
# Set Token
tokenPath="/tmp/com.sentinelone.registration-token"
echo "$sentinelToken" > "$tokenPath"
echo "Token written to $tokenPath"
# Verify signature
check_pkg_sign=$(pkgutil --check-signature "$pkgPath")
if [[ $check_pkg_sign == *"AYE5J54KN"* ]] && \
[[ $check_pkg_sign == *"Status: signed by a developer certificate issued by Apple"* ]] && \
[[ $check_pkg_sign == *"Notarization: trusted by the Apple notary service"* ]]; then
echo "Package is signed and notarized. Proceeding with installation..."
sudo installer -pkg "$pkgPath" -target /
echo "Installation completed."
else
echo "Package is not properly signed or notarized. Exiting..."
exit 1
fi
This command downloads and installs the S1 agent, then verifies the installation.
#!/bin/bash
# ==========================
# SentinelOne Agent Installer
# ==========================
# Replace this with your actual SentinelOne site token
SITE_TOKEN="<YOUR_SITE_TOKEN>"
# URL to the SentinelOne Linux agent installer (update with your console link)
INSTALLER_URL="https://<S1-CONSOLE-URL>/installer/linux/agent_installer.sh"
# Log file
LOG_FILE="/var/log/sentinelone_install.log"
echo "[$(date)] Starting SentinelOne installation..." | tee -a $LOG_FILE
# Download installer
curl -o /tmp/agent_installer.sh $INSTALLER_URL
if [[ $? -ne 0 ]]; then
echo "[$(date)] ERROR: Failed to download installer." | tee -a $LOG_FILE
exit 1
fi
# Make installer executable
chmod +x /tmp/agent_installer.sh
# Install the agent
sudo /tmp/agent_installer.sh $SITE_TOKEN
if [[ $? -ne 0 ]]; then
echo "[$(date)] ERROR: Installation failed." | tee -a $LOG_FILE
exit 1
fi
# Verify installation
if command -v sentinelctl &> /dev/null; then
VERSION=$(sudo sentinelctl version)
echo "[$(date)] SUCCESS: SentinelOne installed. Version: $VERSION" | tee -a $LOG_FILE
sudo systemctl status sentinel-agent --no-pager | tee -a $LOG_FILE
else
echo "[$(date)] ERROR: SentinelOne installation not detected." | tee -a $LOG_FILE
exit 1
fi
echo "[$(date)] Installation script completed." | tee -a $LOG_FILE
Use Device Groups to target OS types.
Use Command Sets for consistent deployment.
Deploy using "Once" mode to avoid repeat installation attempts.
Keep Site Tokens secure—use JumpCloud Command Variables if needed.