Install Neo agent using Jamf

Install Neo agent on macOS endpoints to get started with user activity monitoring.

Use mobile device management (MDM) profiles via Jamf to install Neo agent on your macOS endpoints. This grants permissions and accessibility rules to Forcepoint Neo on the endpoint machines, allowing the installation to be completed without requiring administrator or user confirmation.

Requirements for Neo agent installation:

System requirements
Preinstalled MDM profile.
At least one signed-in user.

Note: From Neo endpoint v21.11 onwards, macOS Monterey 12.0 is supported.

If you are a Forcepoint Cloud Security Gateway customer who wants to install Neo agent, then download Neo agent from the Cloud Security Gateway Portal (Web > Settings > Endpoint > General > Endpoint Client Download).

Steps

Sign into the Dynamic User Protection management portal and download the macOS installation package, fpneoinstaller_mac.zip.
Unzip the installation package.

The zip file contains the following files:
- Installation package
- Manifest JSON file
- Folder for installing Neo agent with Jamf
  - ReadMe containing installation steps.
  - Forcepoint Neo profile file
  - Forcepoint Neo NC Root CA profile file
  - Forcepoint Cloud CA certificate file
  - Forcepoint Neo NC Root CA certificate file
- Folder for installing Neo agent manually
  - ReadMe containing installation steps.
On an admin machine, use Safari to navigate to Jamf Pro.
Enter the administrator name and password, then click Log in.
Import the Forcepoint Neo profile file in Jamf Pro.
1. On the Computers tab, select Configuration Profiles, then click Upload.
2. Select the Forcepoint Neo.mobileconfig configuration file.
3. Click Save.
Note: If the profile was not imported correctly, you can manually create the MDM profile. See the procedure in Appendix A.
Deploy the Forcepoint Neo configuration profile to your endpoint machines.
1. On the Computers tab, select Configuration Profiles, then select the Forcepoint Neo profile.
2. On the Scope tab, select All Computers and All Users.
  
  Alternatively, you can use this tab to specify certain individuals or groups on which to install Neo agent.
3. Click Save.
Import the Forcepoint Neo NC Root CA profile file in Jamf Pro.
1. On the Computers tab, select Configuration Profiles, then click Upload.
2. Select the Forcepoint Neo NC Root CA.mobileconfig configuration file.
3. Click Save.
Deploy the Forcepoint Neo NC Root CA configuration profile to your endpoint machines.
1. On the Computers tab, select Configuration Profiles, then select the Forcepoint Neo NC Root CA profile.
2. On the Scope tab, select All Computers and All Users.
  
  Alternatively, you can use this tab to specify certain individuals or groups on which to install Neo.
3. Click Save.
Create a policy to automatically deploy Neo on endpoint machines.
1. Go to the Computers tab, then select Management Settings.
2. Open the Computer Management menu, click Packages, then click + New.
3. Under Filename, click Choose File. Go to the location where you downloaded the Neo installation files. Select fpneoinstaller_mac.zip, then click Open.
  
  Note: You must select the fpneoinstaller_mac.zip file and not the individual files within the zip file.
4. On the Computers tab, select Policies, then click + New.
5. Enter the following details:
  1. Display Name: Forcepoint Neo
  2. Select the Enabled check box
  3. Under Trigger, select the trigger options to match your organization's routine. At least one user must be logged in when deployment starts. For example, if your organization enforces log out every night, then select Login. If your users rarely log out, then select Recurring Check-in. For freshly enrolled endpoints, select Enrollment Complete.
6. On the Packages tab, click Configure Packages.
7. Select the Neo agent package, then click Add.
8. On the Scope tab, select All Computers and All Users.
  
  Alternatively, use this tab to specify certain individuals or groups on which to install Neo agent.
9. Click Save.
10. Click Logs to verify the installation.