Customize macOS Installation of Cisco Secure Client
Managed device manager (MDM) systems can customize the installation of the Cisco Secure Client (formerly AnyConnect) with various modules on macOS. The Cisco Secure Client has the option to install with pre-configured Secure Access profiles and to hide the display of modules in the Cisco Secure Client's graphical user interface (GUI). Modify the Cisco Secure Client deployment disk image (DMG) file to select the modules to install with the client.
This guide describes how to deploy the Cisco Secure Client with the VPN, Umbrella (Roaming Security that includes both the DNS-layer security and Web security), and DART (diagnostics) modules. The default installation of the Cisco Secure Client deploys the virtual private network (VPN) module.
The Cisco Secure Client requires an XML configuration to deploy modules from the command-line interface (CLI) or MDM. You can use a transform (ACTransforms.xml) to deploy Cisco Secure Client without the VPN module.
Requirements
- macOS version 10.14.6 or newer
- Cisco Secure Client 5.0 or newer
- Administrative privileges on the macOS device
- (Optional) macOS MDM permissions
Prerequisites
- Download the OrgInfo.json file from Secure Access. For more information, see Download the OrgInfo.json File.
- Download the Cisco Secure Client Pre-Deployment Package (Mac OS) from https://software.cisco.com/download/home.
Procedure
Choose the modules to install with the Cisco Secure Client on a macOS device.
Step 1 – Make the DMG Package Writeable
Use Disk Utility or hdiutil to change the permissions on the DMG package from Read Only to Read/Write.
- Open a Terminal and set the DMG file to Read/Write.
hdiutil convert cisco-secure-client-macos-5.1.05040-predeploy-k9.dmg -format UDRW -o csc-writeable.dmg
hdiutil attach csc-writeable.dmg
Step 2 – Generate the Module Installation Configuration File
Generate the Cisco Secure Client module configuration file. The configuration file defines the modules to include with the installation of Cisco Secure Client.
- Open a Terminal and launch the DMG from /Volumes.
open /Volumes/Cisco\ Secure\ Client\ <version>
- Run installer providing the pkg option with the name of the Cisco Secure Client package and the showChoiceChangesXML option. Redirect the output to install_choices.xml to generate the installation configuration file.
installer -pkg /Volumes/Cisco\ Secure\ Client\ <version>/Cisco\ Secure\ Client.pkg -showChoiceChangesXML > ~/Downloads/install_choices.xml
Where <version> is the current version number of Secure Client.
Step 3 – Copy OrgInfo.json to Cisco Secure Client Installation Directory
- Open a Terminal and launch the DMG from /Volumes/Profiles.
cd /Volumes/Cisco\ Secure\ Client\ <version>/Profiles/Umbrella/
- Drag the OrgInfo.json file that you downloaded from Secure Access to Volumes/Profiles.
Step 4 – (Optional) Hide the VPN Module
To hide the display of the Cisco Secure Client VPN module in the client GUI, modify ACTransforms.xml.
- Open a Terminal and launch the ACTransforms.xml file from /Volumes.
open -e /Volumes/Cisco\ Secure\ Client\ <version>/Profiles/ACTransforms.xml
Where <version> is the current version number of Secure Client.
- Remove the XML comments around the Transforms element, and then save ACTransforms.xml.
<Transforms>
<DisableVPN>true</DisableVPN>
<DisableCustomerExperienceFeedback>true</DisableCustomerExperienceFeedback>
</Transforms>
Step 5 – Customize the Cisco Secure Client Installation Modules
Edit install_choices.xml created in Step 2 – Generate the Module Installation Configuration File. Either skip or install the Cisco Secure Client modules defined in the configuration file.
- To skip a module, define the module with 0.
- To install a module, define the module with 1.
Note: Modifying choice_vpn does not supersede the changes that you made to ACTransforms.xml. The VPN module is required, even if the module is not displayed in the client GUI.
- Open a Terminal and launch install_choices.xml.
- Define an integer XML element for each module and assign to 0 or 1, and then save install_choices.xml.
cd /Volumes
open -e ~/Downloads/install_choices.xml
Example – Customize Cisco Secure Client Modules
In the following example, the Core VPN, Umbrella, and DART modules are set to 1 and are included in the Cisco Secure Client installation.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_anyconnect_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_anyconnect_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_anyconnect_vpn</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_fireamp</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_fireamp</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_fireamp</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_dart</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_secure_firewall_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_secure_firewall_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_secure_firewall_posture</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_iseposture</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_nvm</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_nvm</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_nvm</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_secure_umbrella</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_secure_umbrella</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>1</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_secure_umbrella</string>
</dict>
<dict>
<key>attributeSetting</key>
<true/>
<key>choiceAttribute</key>
<string>visible</string>
<key>choiceIdentifier</key>
<string>choice_thousandeyes</string>
</dict>
<dict>
<key>attributeSetting</key>
<false/>
<key>choiceAttribute</key>
<string>enabled</string>
<key>choiceIdentifier</key>
<string>choice_thousandeyes</string>
</dict>
<dict>
<key>attributeSetting</key>
<integer>0</integer>
<key>choiceAttribute</key>
<string>selected</string>
<key>choiceIdentifier</key>
<string>choice_thousandeyes</string>
</dict>
</array>
</plist>
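For MDM pipelines where hand-editing is error-prone, the Step 5 edit can be scripted. The following is an added example, not Cisco's code: it uses Python's standard plistlib to set each module's selected value, rejects misspelled identifiers, and refuses to deselect the VPN module that the note above calls required. The function names and the trimmed sample plist are constructed for illustration; the choice identifiers are the ones in the example above.

```python
import plistlib

# Constructed sample in the same shape as install_choices.xml, trimmed to
# three modules (a real file has visible/enabled/selected entries per module).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string>
<key>choiceIdentifier</key><string>choice_anyconnect_vpn</string></dict>
<dict><key>attributeSetting</key><integer>1</integer><key>choiceAttribute</key><string>selected</string>
<key>choiceIdentifier</key><string>choice_anyconnect_vpn</string></dict>
<dict><key>attributeSetting</key><integer>1</integer><key>choiceAttribute</key><string>selected</string>
<key>choiceIdentifier</key><string>choice_nvm</string></dict>
<dict><key>attributeSetting</key><integer>0</integer><key>choiceAttribute</key><string>selected</string>
<key>choiceIdentifier</key><string>choice_secure_umbrella</string></dict>
</array></plist>"""

# Per the page's note, the VPN module is required even when hidden in the GUI.
REQUIRED = "choice_anyconnect_vpn"


def set_modules(plist_bytes, wanted):
    """Return new plist bytes with 'selected' = 1 for wanted modules, else 0."""
    choices = plistlib.loads(plist_bytes)
    known = {c["choiceIdentifier"] for c in choices}
    unknown = set(wanted) - known
    if unknown:  # a typo would otherwise silently leave a module uninstalled
        raise ValueError(f"unknown choiceIdentifier(s): {sorted(unknown)}")
    if REQUIRED not in wanted:
        raise ValueError(f"{REQUIRED} must stay selected")
    for c in choices:
        # Only the 'selected' entries are edited; visible/enabled stay as generated.
        if c["choiceAttribute"] == "selected":
            c["attributeSetting"] = 1 if c["choiceIdentifier"] in wanted else 0
    return plistlib.dumps(choices, fmt=plistlib.FMT_XML)


def selected_modules(plist_bytes):
    """List the modules the installer will install (selected == 1)."""
    return sorted(c["choiceIdentifier"] for c in plistlib.loads(plist_bytes)
                  if c["choiceAttribute"] == "selected" and c["attributeSetting"] == 1)


if __name__ == "__main__":
    updated = set_modules(SAMPLE, {"choice_anyconnect_vpn", "choice_secure_umbrella"})
    print(selected_modules(updated))
```

Running selected_modules over the final install_choices.xml before Step 7 gives a quick record of exactly which modules the package will install on managed devices.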
Step 6 – Set Up the Correct Extension Permission Settings
- By default, macOS requires the user to accept the activation of a new System Extension. As a result, the user is presented with a pop-up. An MDM is required to approve the Cisco Secure Client system extension and disable the pop-up, using a management profile’s SystemExtensions payload. For more information on System Extensions payloads, see System Extensions.
- Follow the payload guidance in Cisco Secure Client Extension Approval using MDM to deploy the System Extension settings.
Step 7 – Install Cisco Secure Client with Selected Modules
Install the Cisco Secure Client with the configured modules.
- Open a Terminal and mount the DMG from /Volumes.
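cd /Volumes
# Detach the writeable image first: hdiutil cannot convert an image that is still attached read/write.
hdiutil detach /Volumes/Cisco\ Secure\ Client\ <version>/
# Convert the edited image back to read-only (UDRO).
hdiutil convert ~/Downloads/csc-writeable.dmg -format UDRO -o ~/Downloads/csc-readable.dmg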
- Run installer providing the pkg option with the name of the Cisco Secure Client package and the applyChoiceChangesXML option with install_choices.xml.
hdiutil attach ~/Downloads/csc-readable.dmg
sudo installer -pkg /Volumes/Cisco\ Secure\ Client\ <version>/Cisco\ Secure\ Client.pkg -applyChoiceChangesXML ~/Downloads/install_choices.xml -target /
Where <version> is the current version number of Secure Client.