Skip to main content

Netskope Help

Netskope Client for macOS

This document describes the various methods to install Netskope Client on a macOS device and how to configure and steer traffic to the Netskope Cloud.

Supported Versions

Refer to Netskope Client Supported OS and Platform to understand the supported versions for macOS.

Install macOS Client

You can install Netskope Client in macOS using one of the following methods:

  • Email Invite

  • Using PLIST

  • MDM Deployment Options

Using Email Invite

You can install Netskope Client using the email invitation sent from the admin console. Click the download link for Mac Client and install Client on your device.

Important

Email invites are time-bound and can be used only by the intended user.

After you receive the email:

  1. Check your email from Netskope Onboarding and click the link for Mac Client.

    EmailInvite_macoS_Link.png
  2. Click Download. This downloads to your default location.

  3. Click the installer file.

  4. Follow the steps as displayed in the Install Netskope Client window.

  5. Once the installation is complete, you can see the Netskope Client running on your taskbar.

To learn more, view Email Invite.

Using PLIST

This method uses scripts and a PLIST to install Netskope client on macOS devices in single or multi-user mode. The steps include:

  1. Generate .plist file.

  2. Download script.

Generate .plist File

Run the following command in a terminal: sudo /usr/libexec/PlistBuddy -c "add email string user@example.com" /Library/Managed\ Preferences/template.plist

Generate Script
  1. Download the configuration script from Netskope Support portal. The file contains the essential command-line executable scripts to install and configure the client.

  2. Extract the contents of the MAC-MDM-script.zip file.

  3. Execute this command in Terminal: sudo ./macmdmscript.sh 0 0 0 addon-< tenantname >.goskope.com < OrgID > < plist file name > <preference_email >

Other Deployment Methods

Netskope currently supports following deployment options for macOS:

Uninstall Client In macOS

To uninstall Client in macOS:

  1. Click the Spotlight icon from your dock or the magnifying glass on the top of your taskbar.

  2. Enter Remove Netskope.

  3. You will be prompted to enter your administrative credentials at this point.

    macoS_uninstallNSClient_98_1.png
  4. The Netskope Client is uninstalled from your machine.

  5. Click OK.

The Password protection for client uninstallation and service stop option under Client Configuration > Tamperproof lets the administrator restrict unauthorized uninstallation of Client by the end users. The end user must know the password set by the administrator while uninstalling the Client. Service stop option is available only to Windows devices.

Tamperproofing of NS CLient in macOS Ventura

Prior to macOS Ventura versions like Monterey or older versions, the users are unaware about the applications running in the background. With macOS Ventura, it displays the applications running in the background and allows users to enable or disable them.

When Netskope Client is running in the background and disabling the Client services can impact the Client functionality and end-users can encounter security issues. You can restrict users from enabling or disabling this option through MDMs using policies. For example, using VMware Workspace ONE, you can create profiles to add custom payloads that in turn control the enable or disable option for Netskope Client services in the Allow in the Background section.

The following configuration steps restrict users from disabling the Client in login items.

  1. Go to Resources > Profiles&Baselines > Profiles.

  2. Click Add > Add Profile.

  3. Select Apple macOS as the platform to start.

  4. Select Device Profile in Select Context.

  5. Enter profile name.

  6. Go to the Custom Settings section and click Add at the right corner of this section. The fields get enabled now.

  7. Provide the following custom payload information in the Custom Settings text-box:

    <dict>
        <key>PayloadDisplayName</key>
        <string>Service Management - Managed Login Items</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.servicemanagement.xxx</string>
        <key>PayloadType</key>
        <string>com.apple.servicemanagement</string>
        <key>PayloadUUID</key>
        <string>xxxxxxxx-xxxx-xxxx-xxxx-xxx</string>
        <key>PayloadVersion</key>
        <integer>1</integer><key>Rules</key>
        <array>
        <dict>
            <key>RuleType</key>
            <string>TeamIdentifier</string>
            <key>RuleValue</key>
            <string>24W52P9M7W</string>
        </dict>
        </array>
    </dict>

    Edit the Payload Identifier and UUID values.

    macoS_loginitems_vmwareworkspace_custompayload_100.png

    Important

    Currently, many MDM providers do not have the user interface (UI) option to disable this functionality. Hence, use Custom Settings to add the payload.

  8. Click Next.

  9. On the Assignment page, assign the profile to Smart Groups.

  10. Click Save and Publish.