STAGING This is not the live site
MAC Endpoint Provisioning | centrexIT Knowledge Center
Loading...

Knowledge Center

/
centrexIT
Knowledge Center

858 Therapeutics MAC Endpoint Provisioning

KB00003727
Francisco Benitez Work Instruction 1 min
Publishedv1

Purpose

Section titled “Purpose”

Provision a new MacBook for 858 Therapeutics according to the standard endpoint configuration, including management agents, identity integration, security tools, and end-user application setup.

Prerequisites

Section titled “Prerequisites”
  • Target device: New MacBook (858 Therapeutics standard configuration)
  • Management tools: ConnectWise ScreenConnect, N-able N-central, JumpCloud, SentinelOne, Dropbox
  • macOS version: macOS 26 (or current supported release)
  • Required access: LocalUser admin credentials, centrexIT password vault, ConnectWise Automate configurations, JumpCloud admin console, SentinelOne console
  • On-site contact: Kim Russell (858 Therapeutics) — coordinate availability before drop-off
  • Connect the Magic Mouse and Magic Keyboard to the new MacBook via Bluetooth before beginning setup
  • Confirm with Kim Russell her availability for on-site drop-off — Kim generally expects you to connect the MacBook to 858 Wi-Fi and unbox the MacBook and its accessories to complete the workstation setup on-site

Steps

Section titled “Steps”

  1. Perform initial macOS setup with LocalUser account. Power on the MacBook and proceed through the macOS Setup Assistant.

    1. Create the standard local administrator account:
      • Username: Localuser
      • Password: Retrieve from 1Password
    2. When prompted to sign in with an Apple Account (formerly Apple ID), select Set Up Later or Skip to proceed without linking an Apple Account.

    macOS 26 Note: The setup assistant refers to “Apple Account” rather than the legacy “Apple ID” or “iCloud account” terminology. Choose Set Up Later when prompted.

  2. Install ConnectWise ScreenConnect (remote support). Download the ScreenConnect client installer for macOS from the centrexIT deployment link and run the installer package.

    1. During installation, a prompt appears requesting screen recording access. Click Open System Settings when prompted.
    2. Grant Accessibility permissions in System Settings > Privacy & Security > Accessibility — enable the toggle for both centrexIT Secure Remote Support Client and connectwisecontrol-... (the ScreenConnect agent). You may need to authenticate with the LocalUser password.
    3. Grant Screen Recording permissions in System Settings > Privacy & Security > Screen Recording — enable the toggle for both centrexIT Secure Remote Support Client and connectwisecontrol-.... If the connectwisecontrol entry appears with a warning indicator, toggle it on and restart the agent if necessary.
    4. Confirm the ConnectWise ScreenConnect installer shows “The installation was completed successfully” on the Summary screen and click Close.

    macOS 26 Note: macOS manages these permissions via toggle switches in System Settings > Privacy & Security (not checkboxes in the legacy “Security & Privacy” preference pane). There is no lock icon — macOS prompts for authentication automatically when you change a toggle.

  3. Install N-able N-central agent. Download the N-able Mac Agent installer from the centrexIT deployment link and run the installer.

    1. When the Register Mac Agent screen appears, select Register the N-central Agent.
    2. Configure the registration:
      • Register by: Customer Name and ID
      • Customer ID: 416
      • Server URL: ncentral.centrexit.com
      • Protocol: HTTPS (checked)
      • Port: 443
    3. Click Register to complete agent registration.

  4. Rename the MacBook. Open Terminal (press Cmd + Space, type Terminal, press Enter) and run the following commands, replacing {Username} with the user’s assigned username:

    Terminal window
    sudo scutil --set HostName {Username}-MacBook-Pro.8five8tx.local
    sudo scutil --set LocalHostName {Username}-MacBook-Pro.local
    sudo scutil --set ComputerName {Username}-MacBook-Pro
    dscacheutil -flushcache

    Restart the Mac to apply the hostname changes.

    Naming convention: Follow the format {FirstName}-MacBook-Pro (for example, Kimberlys-MacBook-Pro).

  5. Install JumpCloud agent. Download the JumpCloud agent package from ConnectWise Configuration > “JumpCloud Directory as a Service (DaaS AD)” (found under the Attachments tab).

    1. Run the jumpcloud-agent.pkg installer. When prompted, enter the LocalUser credentials.
    2. When prompted for the JumpCloud Connect Key, enter: 47f813059e8d0fbcbf01b9b403971fd522cdaa02
    3. When prompted to allow JumpCloud to manage FileVault, enter the LocalUser password and click Continue.
    4. Confirm the installer shows “The installation was completed successfully. Thank you for installing the JumpCloud agent.” and click Close.

  6. Configure JumpCloud in the admin console.

    1. Add MacBook to device group: Log in to the JumpCloud Admin Console, navigate to Device Management > Device Groups, open the group “All MacOS Systems”, and add the newly provisioned MacBook.
    2. Associate user with the device: Navigate to Device Management > Devices, click on the new MacBook device, click the Users tab, find the end user, check the box next to their username, and click Save.

    Associating the user with the device in JumpCloud automatically creates the user account on the MacBook.

  7. Install SentinelOne (endpoint protection). Download the SentinelOne agent package from ConnectWise Configuration > “APP - SentinelOne (Anti-Virus | EDM)” under the Attachments tab.

    1. Run the installer and click through the prompts.
    2. When prompted for the Activation Key, enter the key stored in the ConnectWise configuration for SentinelOne.
    3. If macOS blocks system software from “Sentinel Labs Inc.”, open System Settings > Privacy & Security, scroll down to the Security section, and click Allow. Authenticate with the LocalUser password if prompted.
    4. Grant additional privacy permissions (such as Full Disk Access) that SentinelOne requests via the macOS notification prompts.

    macOS 26 Note: Find the blocked extension approval in System Settings > Privacy & Security (scroll down in the pane). There is no separate “General” tab with a lock icon — macOS prompts for authentication automatically when you click Allow.

  8. Log in as the end user. Log out of the Localuser account. At the macOS login screen, select the end user’s account (created automatically via JumpCloud in step 6) and log in using the user’s JumpCloud credentials.

  9. Install Dropbox. While logged in as the end user, open a web browser, navigate to dropbox.com/install, download and install the Dropbox desktop application, and sign in to the user’s Dropbox account when prompted.

Verification

Section titled “Verification”
#CheckExpected Result
1LocalUser account createdCan log in with Localuser and password from vault
2Apple Account bypassedNo Apple Account linked to the device during setup
3ScreenConnect installed and permissions grantedScreenConnect shows as online in ConnectWise; Accessibility and Screen Recording permissions enabled in System Settings
4N-able N-central agent registeredDevice appears in N-central under Customer ID 416
5MacBook renamed correctlyhostname command in Terminal returns {Username}-MacBook-Pro
6JumpCloud agent installed and connectedDevice appears in JumpCloud console under Devices
7Device added to “All MacOS Systems” groupDevice listed in the JumpCloud Device Group
8User associated with device in JumpCloudUser checkbox appears selected on the device’s Users tab
9SentinelOne installed and activeSentinelOne agent shows as active/online in the SentinelOne console; kernel extension allowed
10End user can log inUser can authenticate at macOS login screen with JumpCloud credentials
11Dropbox installed and signed inDropbox icon appears in the menu bar and is syncing

Troubleshooting

Section titled “Troubleshooting”
SymptomCauseResolution
ScreenConnect permissions not appearing in System SettingsInstaller did not trigger permission requestOpen System Settings > Privacy & Security manually and add the ScreenConnect entries for Accessibility and Screen Recording
N-central agent not registeringIncorrect Customer ID or server URLVerify Customer ID is 416 and server URL is ncentral.centrexit.com with HTTPS on port 443
JumpCloud user account not created on MacBookUser not associated with device in JumpCloudOpen the device in JumpCloud Admin Console, click the Users tab, and confirm you enabled the checkbox for the user
MacBook hostname not updating after renameDNS cache not flushed or restart not performedRun dscacheutil -flushcache and restart the Mac
SentinelOne kernel extension blocked by macOSmacOS Gatekeeper blocked the extension on first loadOpen System Settings > Privacy & Security, scroll to the Security section, and click Allow
End user unable to log in at macOS login screenJumpCloud user-device association incomplete or sync pendingConfirm JumpCloud shows the user linked to the device and wait for the agent to sync (up to 5 minutes)
Section titled “Related Procedures”
  • 1Password — for retrieving LocalUser credentials
  • ConnectWise Automate Configurations — source for JumpCloud agent, SentinelOne agent packages, and ScreenConnect deployment links
  • JumpCloud Admin Console — for device group management, user-device association, and MDM policy configuration
  • N-central Dashboardncentral.centrexit.com — for verifying N-able agent registration
  • SentinelOne Console — for verifying endpoint protection status post-install
  • 858 Therapeutics On-Site Contact — Kim Russell — coordinate for MacBook delivery and Wi-Fi setup