Skip to main content

Liongard macOS Agent Deployment Guide

macOS, Agent, Installation, Deployment, Installation guide, RMM, MDM

Updated over 2 weeks ago

🌟 Overview

This knowledge article explains, step‑by‑step, how to deploy the Liongard macOS agent when you have two files:

  1. The Liongard installer (e.g., LiongardAgentInstaller.pkg), and

  2. The Install Script (the bash script from Liongard that must be used with that installer and not standalone).

Key point (do not skip): The Liongard install script is not a standalone installer. It expects the installer binary to be present locally or to be downloaded by the script. If the .pkg is not available to the target Mac (either uploaded to the MDM/RMM as part of the job or hosted on an HTTPS URL the script can reach), installation will fail.

🎯 Goals of this article

  • Show exact upload & deployment patterns across major MDM / RMM platforms.

  • Key point (must read)

    The install script is to be used with the Liongard Installer and not as a standalone installation script.

    The script expects the .pkg installer to be present locally on the target Mac or to be downloadable by the script (HTTPS). Deploying only the .sh without making the .pkg available will fail.

💥 Prerequisites

  • Latest Liongard installer for Mac.

  • Download our Bash Install Script by right-clicking the page, and selecting "Save As" (wording may vary by browser or OS). Make sure the file extension is .sh.

  • INSTANCE_URL: Enter the core of your Liongard URL. Do NOT include "https://". Must also be in lowercase letters (Example : us1.app.liongard.com).

  • ACCESS_KEY_ID: Enter the Access Key ID from your Agent Install Token

  • ACCESS_KEY_SECRET: Enter the Access Key Secret from your Agent Install Token

  • Optional Variables

    • NAME: Liongard will populate this field using the hostname of the device the Agent is being installed on. If the Agent name already exists, Liongard will auto-concatenate a numerical value (in parenthesis) to the new Agent name

    • ENVIRONMENT: This field is optional, but if skipped the Environment must be assigned in Liongard on the Admin > Agents screen. For more information review our Agent Management documentation.

  • Admin access to the RMM/MDM console you’ll use.

  • A staging group of macOS devices to test before full rollout.

🔎 Platforms covered (Top 7 - Most Used RMM/MDM)

  1. Jamf Pro

  2. Addigy

  3. Kandji

  4. Mosyle

  5. SimpleMDM

  6. Microsoft Intune (macOS)

  7. Datto RMM

Note: If your RMM/MDM is not in this list, consult the vendor's support documentation or contact their support team.

🚀 Deployment approaches

  • Native bundle (recommended): Upload both .pkg and .sh in the same package/policy/object so both files are transferred to the endpoint together and executed in the required order.

  • Script‑host approach: Host the .pkg on an HTTPS endpoint and deploy only the script, which downloads and runs the .pkg during execution.

  • Component/package with post‑install script: Create a single signed .pkg that contains the agent and runs the configuration script as a post‑install payload.

⚙️ General implementation notes

  • Ensure correct execution order: If both files are uploaded, make sure the .pkg is present prior to the script running. Prefer installer first, then run install.sh.

  • Use absolute/relative paths appropriately: Confirm how your RMM/MDM exposes uploaded files to scripts (current working directory vs artifact path).

  • Security: Pass tokens as secure parameters if supported. Avoid leaving secrets on disk.

  • Idempotency & logging: Make scripts safe to re-run and log outputs to /var/log/ or custom logs. Use proper exit codes for success/failure reporting.

🌍 Platform‑Specific, Actionable Steps + Vendor Links

Each platform below shows the minimal, repeatable steps to upload both the .pkg and the .sh (or, when not possible, the recommended pattern to ensure the .pkg is available to the script at runtime).

1. Jamf Pro

Steps:

  1. Upload .pkg: Settings → Computer Management → Packages → New → upload LiongardAgentInstaller.pkg.

  2. Upload .sh: Settings → Computer Management → Scripts → New → paste the Liongard install.sh and configure INSTANCE_URL, ACCESS_KEY_ID, ACCESS_KEY_SECRET, and optional NAME/ENVIRONMENT variables.

  3. Create Policy: Computers → Policies → New. Add the Packages payload (select the .pkg) and the Scripts payload (select the edited script). Set the script to run after the package installation.

  4. Scope and Deploy to pilot group, verify installation and Liongard agent registration.

Vendor documentation:

2. Addigy

Steps:

  1. Catalog → Software → Add New (Smart Software Item).

  2. Upload files: Add both LiongardAgentInstaller.pkg and install.sh into the Smart Software item.

  3. Configure the Install Command to execute the uploaded install.sh (ensure it references the local file path Addigy uses for artifacts).

  4. Assign the Smart Software item to a Policy/Device Group.

Vendor documentation:

3. Kandji (Custom Apps with pre/post install scripts)

Steps:

  1. Library → Add New → Custom App.

  2. Upload the .pkg (or .dmg/.zip) as the installer payload.

  3. Paste the Liongard install.sh into the Post‑Install Script field so it runs after the installer is available.

  4. Assign the Custom App to a Blueprint and deploy.

Vendor documentation:

4. Mosyle (Custom Commands / hosted‑pkg approach)

Recommended: Mosyle favors hosting the installer or using their package upload + separate Custom Commands. If you cannot upload both files to the same policy, host the .pkg on HTTPS and run a Custom Command to download + run the installer.

Steps:

  1. Upload a .pkg using Mosyle's package management if available for your plan (Management → Install PKG → Add New Package).

  2. Or host the LiongardAgentInstaller.pkg on a secure HTTPS location.

  3. Create a Custom Command (Management → Custom Commands) that downloads the .pkg (curl/wget) and uses sudo installer -pkg to install it, and then run install.sh logic (or include install.sh inline in the command).

Vendor documentation / support:

Note: Mosyle's KB often requires login to access detailed step pages. If you need the exact KB article URL, We suggest opening a support ticket with Mosyle and ask for their article on uploading PKG and Custom Commands.

5. SimpleMDM (separate script & package workflows)

Steps:

  1. Upload .pkg as an app: Apps → Add App → macOS Package → upload LiongardAgentInstaller.pkg and assign to target devices.

  2. Create a Script: Scripts → Create Script → upload/paste install.sh. Run it as a Job targeted to your devices.

  3. If ordering matters, schedule the package assignment first or have the script check for the presence of the .pkg (or download it) before running the install steps.

Vendor documentation / support:

Note: SimpleMDM treats apps and scripts as separate objects (app assignment vs script job). Combine them by sequencing jobs or having the script download the installer.

6. Microsoft Intune (macOS) — LOB apps + macOS Shell Script

Steps:

  1. Upload .pkg as a macOS LOB app: Intune portal → Apps → macOS → Add → Line‑of‑business app → upload LiongardAgentInstaller.pkg.

  2. Upload install.sh as a macOS Shell Script: Devices → macOS → Scripts → Add → upload your install.sh and configure runtime options.

  3. Deployment sequencing: Intune does not bundle scripts inside the app object. Either deploy the installer first and then the script, or have the script download the .pkg and run it.

Vendor documentation:

7. Datto RMM (component model — bundle files + script)

Why Datto RMM is useful here: Datto Components allow you to attach files (installers) and a shell script together into a single Component. When the Component is executed as a Job, both the files and the script are transferred to the endpoint and can be executed in sequence.

Steps:

  1. In Datto RMM, create a new Component.

  2. Choose script type: Shell (Unix, macOS) and paste the install.sh content.

  3. Under Files, click Add File and attach LiongardAgentInstaller.pkg (or .zip/.dmg). Datto will transfer these files with the component when executed.

  4. Create and run a Job using this Component, targeted at the desired devices.

Vendor documentation:

🧐 Troubleshooting

  • Installer not found: The script attempted to execute a local .pkg that does not exist. Ensure the file path is correct or change the script to download the package first.

  • Permission errors: Ensure the script runs as a privileged user (sudo) or the RMM/MDM runs scripts as root/system account.

  • Gatekeeper blocking install: Use MDM to approve the installer if required.

  • Token / Auth failures: Verify ACCESS_KEY_ID and ACCESS_KEY_SECRET are correct and check connectivity to the INSTANCE_URL.

  • Script fails on idempotency check: Adjust script to handle already installed agent scenario (exit 0 if already present).

📌 Final note

This knowledge article focuses on the most commonly used RMM and MDM platforms, providing direct links to vendor documentation where publicly available. Some vendor knowledge base articles may require sign-in or be restricted to existing customers.

If you need a specific step-by-step guide for a specific vendor, we suggest reaching to the vendor support team directly.

Please note: We are happy to provide our partners with vendor links as an additional resource. Liongard is not liable for the content or accuracy of any third-party resources. We simply want to assist you in navigating the process and kindly remind you to access these links at your own discretion. Thank you for your understanding!

🧑‍💻 Contact Support

If you have any questions or experience issues, please reach out to Liongard Support. We are happy to assist in anyway possible!

Did this answer your question?