{"id":77036,"date":"2023-05-18T16:34:25","date_gmt":"2023-05-18T20:34:25","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=77036"},"modified":"2024-09-13T11:48:10","modified_gmt":"2024-09-13T15:48:10","slug":"install-the-sentinelone-agent","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/install-the-sentinelone-agent","title":{"rendered":"Install the SentinelOne Agent"},"content":{"rendered":"\n

You can use the Commands feature of the JumpCloud Admin Portal to download and install the SentinelOne Agent on macOS, Windows, and Linux devices. SentinelOne provides security software to protect endpoints from malware and exploits.<\/p>\n\n\n\n

For macOS devices, you\u2019ll also need to apply a policy in JumpCloud that provides Application Privacy Preferences controls for the SentinelOne Agent. After you apply the policy, SentinelOne for macOS will launch without user prompts for access to the device.<\/p>\n\n\n\n

<\/p><\/div>

Tip:<\/strong> \n

For macOS devices, you should create and apply the SentinelOne policy before you deploy the SentinelOne app.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

Creating a MacOS SentinelOne Policy<\/h2>\n\n\n\n

The SentinelOne PPPC policy should be applied to your devices. The policy installs the necessary permissions to run SentinelOne integration on your devices.<\/p>\n\n\n\n

<\/a>To create a SentinelOne policy on a macOS device:<\/strong><\/p>\n\n\n\n

    \n
  1. Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
  2. Go to DEVICE MANAGEMENT > Policy Management<\/strong>.<\/li>\n\n\n\n
  3. Click ( +<\/strong> ), then select the Mac <\/strong>tab.<\/li>\n\n\n\n
  4. Locate the SentinelOne Agent Permissions Policy, then click configure<\/strong>.
    \"\"\n
      \n
    1. (Optional) On the New Policy panel, enter a new, unique name for the policy or keep the default. <\/li>\n\n\n\n
    2. (Optional) Select the Device Groups<\/strong> tab, then select one or more device groups where you’ll apply this policy.<\/li>\n\n\n\n
    3. (Optional) Select the Devices <\/strong>tab, then select one or more devices where you’ll apply this policy.<\/li>\n\n\n\n
    4. Click save<\/strong>, then click save <\/strong>again.<\/li>\n<\/ol>\n<\/li>\n\n\n\n
    5. Run the command you created in To install the SentinelOne Agent on a macOS Device<\/a> below by selecting the checkbox next to the command on the Commands page and clicking run now<\/strong>. <\/li>\n<\/ol>\n\n\n\n

      <\/p><\/div>

      Tip:<\/strong> \n

      If the command doesn\u2019t run, verify that you have root permissions.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

        \n
      1. After the command finishes, select the Results <\/strong>tab on the Commands page. An exit code of 0<\/strong> indicates that the command ran successfully. If multiple commands are processed at runtime, only the last exit code is reported. For a list of all exit codes, see Understand Command Results<\/a>. <\/li>\n\n\n\n
      2. Verify that the SentinelOne policy was applied on the macOS device (From the Apple menu, System Settings > Privacy & Security > Profiles<\/strong>):\u00a0
        \"\"<\/li>\n<\/ol>\n\n\n\n

        <\/p><\/div>

        Note:<\/strong> \n

        MacOS 15 Sequoia will disable the option to toggle the SentinelOne extension under System Settings > General > Login Items & Extensions > Endpoint Security Extensions<\/strong> for end users.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

        Installing the SentinelOne Agent<\/h2>\n\n\n\n

        MacOS<\/h3>\n\n\n\n

        To install the SentinelOne Agent on a macOS device<\/strong>:<\/p>\n\n\n\n

          \n
        1. Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
        2. Go to DEVICE MANAGEMENT > Commands<\/strong>.<\/li>\n\n\n\n
        3. Click (\u00a0+<\/strong>\u00a0), then choose\u00a0Command from Template<\/strong>. See\u00a0Get Started: Commands<\/a>\u00a0for more information.\n
            \n
          1. In the command template pane, select MacOS<\/strong>.<\/li>\n\n\n\n
          2. Locate the command named Mac – Install Sentinel One Agent<\/strong> and select Configure<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n
          3. (Optional) You can edit the default name for this command.<\/li>\n\n\n\n
          4. Edit the script<\/a> to customize these two variables:\n
              \n
            1. Update the SentinelToken variable. For more information, see the SentinelOne documentation<\/a> (you will need a SentinelOne account to access).<\/li>\n\n\n\n
            2. Update the DownloadUrl to point to the location of your SentinelOne package file. This file should be available to devices over the internet. The script will download this file during execution.
              \"\"<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n\n\n\n

              <\/p><\/div>

              Note:<\/strong> \n

              This script works for many situations; you might need to alter some variables for your organization. For more information, see the SentinelOne documentation<\/a> (you will need a SentinelOne account to access).<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

                \n
              1. If you want to schedule when the command runs or trigger the command, click Event <\/strong>and choose one of the options. The default is Run Manually<\/strong>.<\/li>\n\n\n\n
              2. Under Options<\/strong>, you can increase the timeout value. The JumpCloud Commands default is 120 seconds.<\/li>\n<\/ol>\n\n\n\n

                <\/p><\/div>

                Note:<\/strong> \n

                The command returns a failure if the download and installation does not complete before the timeout passes. Ensure that your timeout value considers the speed of your network connection.  <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

                  \n
                1. Under TTL Settings<\/strong>, verify that Use Smart Defaults is selected.<\/li>\n\n\n\n
                2. Assign the SentinelOne agent to your devices:\n
                    \n
                  1. If you are assigning the SentinelOne Agent to individual devices, select the Devices <\/strong>tab and select the checkmark next to each device where you want to install the agent.<\/li>\n\n\n\n
                  2. If you are assigning the SentinelOne Agent to groups of devices, select the Device Groups <\/strong>tab and select the checkmark next to each device group where you want to install the agent.<\/li>\n<\/ol>\n<\/li>\n\n\n\n
                  3. Click save<\/strong>, then click save <\/strong>again.<\/li>\n\n\n\n
                  4. Run the command by selecting the checkbox next to the command on the Commands page and clicking run now<\/strong>. <\/li>\n<\/ol>\n\n\n\n

                    <\/p><\/div>

                    Tip:<\/strong> \n

                    If the command doesn\u2019t run, verify that you have root permissions.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

                      \n
                    1. After the command finishes, select the Results <\/strong>tab on the Command page. An exit code of 0 indicates that the command ran successfully. If multiple commands are processed at runtime, only the last exit code is reported. For a list of all exit codes, see Understand Command Results<\/a>. <\/li>\n<\/ol>\n\n\n\n

                      <\/p><\/div>

                      Tip:<\/strong> \n

                      For troubleshooting information, see the SentinelOne Troubleshooting<\/a> page (you will need a SentinelOne Account to access).<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

                      Windows<\/h3>\n\n\n\n

                      To install the SentinelOne Agent on a Windows device:<\/strong><\/p>\n\n\n\n

                        \n
                      1. Log in to your Admin Portal<\/a>.<\/li>\n\n\n\n
                      2. Go to DEVICE MANAGEMENT <\/strong>> Commands<\/strong>.<\/li>\n\n\n\n
                      3. Click ( +<\/strong> ), then choose Command from Template<\/strong>. See Get Started: Commands<\/a> for more information.\n
                          \n
                        1. Within the command template pane, select Windows<\/strong>.<\/li>\n\n\n\n
                        2. Locate the command named Windows – Install Sentinel One Agent<\/strong> and select Configure<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n
                        3. (Optional) You can edit the default name for this command or type a new name.<\/li>\n\n\n\n
                        4. Edit the PowerShell script<\/a> to customize these two variables:\n