Help Center Home > Devices > Grant Required Permissions for the Remote Assist Agent on macOS Devices

Grant Required Permissions for the Remote Assist Agent on macOS Devices

MacOS devices require additional Privacy & Security settings to grant the JumpCloud Remote Assist software permissions to enable remote access and Remote File Manager (RFM) file-sharing capabilities.

Depending on your OS version and MDM type, you may be required to enable permissions for Screen Recording, Accessibility, or both to effectively run Remote Assist to its full capabilities, as well as Full Disk Access for RFM.

Overview

To run JumpCloud Remote Assist on macOS devices, you need to grant the app permissions in System Settings > Privacy & Security. Depending on your OS version and MDM type, you need to enable permissions for Screen Recording, Accessibility, or both.

Considerations

If your macOS devices are not enrolled in any MDM, users will need to grant the Accessibility and Screen Recording permissions manually.
- For instructions, see Granting Permissions for a Device Not Enrolled in MDM .
If your macOS device is enrolled with JumpCloud’s MDM and running 11.x (Big Sur) or newer, the JumpCloud agent automatically grants Accessibility permissions for the Remote Assist agent as part of the PPPC policy push.
- The user is still required to grant Screen Recording permissions, but doesn’t need special Admin privileges to do so.
If your device is enrolled with JumpCloud MDM, the policy to support the Remote File Manager is applied automatically.
For third party MDMs, you’ll need to either manually grant the JumpCloud Remote Assist agent permissions, or download the custom preconfigured profile for use with your MDM to grant the appropriate permissions to our software.
- For instructions, see Granting Permissions for a Non-JumpCloud MDM.

Limitations

The Remote Assist Agent does not currently support video streaming from HDR-enabled displays. To effectively use the Remote Assist service, disable HDR video streaming on your device. Remote Assist has HDR disabled by default.

Note:

Remote Assist has HDR disabled by default.

Granting Permissions for Users Enrolled in JumpCloud MDM

To grant permissions for a macOS device enrolled with JumpCloud MDM:

Click the Apple menu at the top of the screen.
Go to System Settings > Privacy & Security > Screen Recording.
Toggle the JumpCloud Remote Assist app to enable screen recording permissions.

Note:

For macOS devices running Big Sur and Monterey, you do not need to enter your password or grant Accessibility permissions.
For JumpCloud-enrolled devices, the agent automatically enables Full Disk access for Remote Assist to support the Remote File Manager. This policy to support the RFM is enabled in the backend, so it will still work even though it will not appear in the Full Disk Access folder.

Granting Permissions for a Non-JumpCloud MDM

A custom profile is required for non-JumpCloud MDMs. To grant permissions for a non-JumpCloud MDM:

Download the custom Privacy Preferences Policy Control (PPPC) file attached to this article.

Note:

See the attached PPPC-JumpCloud-Agent-Permissions-1-1.mobileconfig file.
The PPPC profile automatically supports the Remote File Manager feature. The permission to use the RFM is enabled after the policy is deployed.

Follow the instructions from your MDM to install this custom profile.
Complete the steps in Granting Permissions for a JumpCloud MDM .

Granting Permissions for Users Not Manually Enrolled in MDM

If your macOS device meets the following conditions, the user must manually grant the Accessibility and Screen & System Audio Recording permissions:

macOS device is running Big Sur or Monterey, but not enrolled in JumpCloud MDM.
macOS device is enrolled in a non-JumpCloud MDM, but not using the PPPC policy attached to this article.

Note:

A user must have admin privileges to grant Accessibility permissions.
If a user’s device is running Big Sur or later, admin privileges are also required to grant Screen & System Audio Recording permissions.

To grant permissions for a device not manually enrolled in MDM:

Click the Apple menu at the top of the screen.
Go to System Settings > Privacy & Security > Accessibility.
Toggle the JumpCloud Remote Assist app to enable accessibility permissions.

Important:

If JumpCloud Remote Assist doesn’t show up in the list of available apps, click the + icon and select it from the Applications folder.

Go to System Settings > Privacy & Security > Screen & System Audio Recording.
Toggle the JumpCloud Remote Assist app to enable screen recording permissions.

To enable permissions for the Remote File Manager feature, go to System Settings > Privacy & Security > Full Disk Access.
Click the + icon and add JumpCloud Remote Assist from the Application directory.
Toggle the JumpCloud Remote Assist app to enable full disk access.

Granting Permissions Using JumpCloud Remote Assist System Access

If the required permissions discussed above haven’t been granted by a user on the macOS device, the JumpCloud Remote Assist System Access prompt will be displayed every time a user logs in to the system.

Users enrolled in JumpCloud MDM can click the Change Setting button to directly update the settings.

Clicking Change Setting redirects you to System Settings > Privacy & Security. Toggle the JumpCloud Remote Assist app in the list to enable the permission needed to support Remote Assist.

Note:

For non-JumpCloud MDM users and users not manually enrolled in MDM, you must have admin privileges to be able to change the settings.

Once you have granted all the required permissions, click Close. The prompt stops appearing in the next login. However, if any of the required permissions are missing, the prompt will be displayed in the next login.

If you haven’t granted all the permissions and don't want to keep seeing the prompt every time you log in, select the Do not show me this message again checkbox and then click Close. The next time you login, the prompt doesn’t appear but you receive the following notification.