{"id":76939,"date":"2023-05-18T15:03:04","date_gmt":"2023-05-18T19:03:04","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=76939"},"modified":"2023-06-08T18:55:56","modified_gmt":"2023-06-08T22:55:56","slug":"manage-jumpcloud-login-items","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items","title":{"rendered":"Create a Mac Managed Login Items Policy"},"content":{"rendered":"\n<p>Apple has made a change in macOS 13 Ventura that affects JumpCloud and IT Admins. In macOS 13 Ventura, end users have the ability to switch off persistent software, such as the JumpCloud agent. JumpCloud has implemented new processes to address this concern, which vary depending on the configuration of your organization.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>You must apply this policy after you upgrade or install macOS 13 Ventura.&nbsp;Applying the policy before the device has Ventura installed causes the policy to not be recognized.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Prepare Your Organization<\/strong><\/h2>\n\n\n\n<p>Depending on how your organization manages its macOS devices, the actions you must take to ensure smooth operation vary:<\/p>\n\n\n\n<ul>\n<li><strong>If you are using JumpCloud\u2019s MDM with your macOS Devices&nbsp;<\/strong>&#8211; JumpCloud will automatically prepare the JumpCloud Agent for this macOS 13 feature.<\/li>\n\n\n\n<li><strong>If you are using JumpCloud in addition to another MDM<\/strong>&nbsp;&#8211; JumpCloud provides a Managed Login Items policy that, once configured, prevents users from disabling persistent software. See below.&nbsp;<\/li>\n\n\n\n<li><strong>If you are using JumpCloud with no MDM<\/strong>&nbsp;&#8211; It is incumbent on you as the systems admin to counsel your users to not disable the JumpCloud items in the Login Items section of macOS 13 Ventura\u2019s System Settings. JumpCloud recommends that you use an MDM to manage your macOS devices as it allows you to securely and remotely configure your organization\u2019s devices and update software and device settings. For more information, see <a href=\"https:\/\/jumpcloud.com\/support\/get-started-mdm\">Get Started: MDM<\/a>. &nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Understand the Managed Login Items Policy&nbsp;<\/strong><\/h2>\n\n\n\n<p>To prevent your macOS users from turning off persistent software such as the JumpCloud Agent, you must configure the Managed Login Items Policy. This policy allows Admins to <a href=\"https:\/\/jumpcloud.com\/support\/add-the-jumpcloud-agent-to-an-allowlist\">allowlist login items<\/a> for macOS devices based on RuleTypes defined by Apple:<\/p>\n\n\n\n<ul>\n<li><strong>Bundle Identifier<\/strong>&nbsp;&#8211; Unique identifier for a given application, often written in reverse domain notation, such as&nbsp;<code>com.jumpcloud.darwin-agent<\/code>. If a Bundle Identifier Prefix rule type is selected, a rule value of&nbsp;com.jumpcloud&nbsp;would allow any package with a Bundle Identifier that starts with&nbsp;<code>com.jumpcloud<\/code>, such as&nbsp;<code>com.jumpcloud.assist-app<\/code> or&nbsp;<code>com.jumpcloud.pwm.desktop.live<\/code>.<\/li>\n\n\n\n<li><strong>Launchd plist label<\/strong>&nbsp;&#8211; Unique identifier for a given launchd automated process. If a Launchd Label Prefix rule type is selected, a rule value of&nbsp;com.jumpcloud&nbsp;will allow any launched item with a label prefix of&nbsp;<code>com.jumpcloud<\/code>&nbsp;to operate, including&nbsp;<code>com.jumpcloud.jcagent-tray<\/code>&nbsp;or&nbsp;<code>com.jumpcloud.user-agent<\/code>.<\/li>\n\n\n\n<li><strong>Apple Codesigning Team Identifier<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Login items managed by this policy installed on macOS 13 systems or later will always be activated and the end user of the device cannot deactivate these items, even if they are administrators of their device. &nbsp;All items are evaluated against all RuleTypes and when matched it will be locked in the UI &nbsp;and automatically approved. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Create a Managed Login Items Policy<\/strong><\/h2>\n\n\n\n<ol>\n<li>Log into your JumpCloud Admin Portal:&nbsp;<a target=\"_blank\" href=\"https:\/\/console.jumpcloud.com\/\" rel=\"noreferrer noopener\">https:\/\/console.jumpcloud.com\/<\/a><\/li>\n\n\n\n<li>Navigate to&nbsp;<strong>DEVICE MANAGEMENT &gt; Policy Management<\/strong>.<\/li>\n\n\n\n<li>Click the green&nbsp;<strong>+<\/strong>&nbsp;icon.<\/li>\n\n\n\n<li>In the window that appears, select&nbsp;<strong>Mac<\/strong>.<\/li>\n\n\n\n<li>Find&nbsp;<strong>Managed Login Items Policy<\/strong>&nbsp;from the select of policies and click&nbsp;<strong>Configure<\/strong>.<\/li>\n\n\n\n<li>(Optional) In the <strong>Policy Name<\/strong> field, enter a new name for the policy or keep the default. Policy names must be unique.<\/li>\n\n\n\n<li>(Optional) In the&nbsp;<strong>Policy Notes<\/strong> field, enter details like when you created the policy, where you tested it, and where you deployed it.<img decoding=\"async\" width=\"2078\" height=\"1556\" class=\"wp-image-86805\" style=\"width: 900px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png 2078w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy-300x225.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy-1024x767.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy-768x575.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy-1536x1150.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy-2048x1534.png 2048w\" sizes=\"(max-width: 2078px) 100vw, 2078px\" \/><\/li>\n<\/ol>\n\n\n\n<ol start=\"8\">\n<li>Select a rule type:\n<ul>\n<li><strong>Bundle Identifier&nbsp;<\/strong>&#8211; The bundle identifier of the app to match, which must be an exact match.<\/li>\n\n\n\n<li><strong>Bundle Identifier Prefix&nbsp;<\/strong>&#8211; The prefix of the bundle identifier of the app to match.<\/li>\n\n\n\n<li><strong>Label&nbsp;<\/strong>&#8211; The value of the launchd plist Label parameter to match, which must be an exact match.<\/li>\n\n\n\n<li><strong>Label Prefix&nbsp;<\/strong>&#8211; The prefix of the launchd plist Label parameter to match.<\/li>\n\n\n\n<li><strong>Team Identifier&nbsp;<\/strong>&#8211; The team identifier from the code signing attributes, which must be an exact match.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Enter a rule value. For example, the rule value for BundleIdentifier is the unique identifier for the application, generally in reverse domain notation, such as&nbsp;com.jumpcloud.darwin-agent.<\/li>\n\n\n\n<li>(Optional)&nbsp;Select the<strong>&nbsp;Policy Groups<\/strong>&nbsp;tab and select one or more policy groups that will include this policy.<\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab and select one or more device groups where you&#8217;ll apply this policy. For device groups with multiple OS member types, the policy is applied only to the supported OS.<\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Devices&nbsp;<\/strong>tab and select one or more devices where you&#8217;ll apply this policy.<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Apple has made a change in macOS 13 Ventura that affects JumpCloud and IT Admins. In macOS 13 Ventura, end [&hellip;]<\/p>\n","protected":false},"author":201,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2925,2852,3082],"support_tag":[],"coauthors":[2835],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Create a Mac Managed Login Items Policy - JumpCloud<\/title>\n<meta name=\"description\" content=\"To prevent your macOS users from turning off persistent software such as the JumpCloud Agent, you can configure the Managed Login Items policy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Create a Mac Managed Login Items Policy\" \/>\n<meta property=\"og:description\" content=\"To prevent your macOS users from turning off persistent software such as the JumpCloud Agent, you can configure the Managed Login Items policy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-08T22:55:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"alexsnyder\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items\",\"url\":\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items\",\"name\":\"Create a Mac Managed Login Items Policy - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png\",\"datePublished\":\"2023-05-18T19:03:04+00:00\",\"dateModified\":\"2023-06-08T22:55:56+00:00\",\"description\":\"To prevent your macOS users from turning off persistent software such as the JumpCloud Agent, you can configure the Managed Login Items policy.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Create a Mac Managed Login Items Policy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Create a Mac Managed Login Items Policy - JumpCloud","description":"To prevent your macOS users from turning off persistent software such as the JumpCloud Agent, you can configure the Managed Login Items policy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items","og_locale":"en_US","og_type":"article","og_title":"Create a Mac Managed Login Items Policy","og_description":"To prevent your macOS users from turning off persistent software such as the JumpCloud Agent, you can configure the Managed Login Items policy.","og_url":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items","og_site_name":"JumpCloud","article_modified_time":"2023-06-08T22:55:56+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes","Written by":"alexsnyder"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items","url":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items","name":"Create a Mac Managed Login Items Policy - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png","datePublished":"2023-05-18T19:03:04+00:00","dateModified":"2023-06-08T22:55:56+00:00","description":"To prevent your macOS users from turning off persistent software such as the JumpCloud Agent, you can configure the Managed Login Items policy.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/05\/Mac_ManagedLoginItems_policy.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/manage-jumpcloud-login-items#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Create a Mac Managed Login Items Policy"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76939"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/201"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76939\/revisions"}],"predecessor-version":[{"id":90300,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76939\/revisions\/90300"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=76939"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=76939"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=76939"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=76939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}