Installation and Configuration

macOS

Configuration

📘

Version 6.12.0+

When installing the HYPR Workforce Access Client for version 6.12.0 and above, you need to create a hypr.json file containing your configuration parameters.

Step 1: Create a text file named hypr.json.

touch hypr.json

Step 2: Put the hypr.json file and the installer .pkg file in the same folder.

Step 3: Set your configuration parameters in the hypr.json file.

Configuration Parameters

| Parameter | Description | Example |
| --- | --- | --- |
| appId | The name of your RP Application in the HYPR Control Center | AcmeMacOSApp |
| pinningHash | SHA256 PIN of the Control Center domain | KeM8XnCIy8+Cxm+HKTEOBZr1g3F8odQNHTH+vdu7RWc= |
| rpUrl | The URL for your HYPR tenant with /rp path appended to the end | https://acme.hypr.com/rp |
| supportEmail | The email address of your support team | [email protected] |
| installToken | The Installation Token used for Endpoint Protection | 6a74ce20-2c1e-4c7d-ae9d-14be27e2c197 |
| version | The HYPR Installer version (must be set to 4) | 4 |
| certTemplate | The name of your Microsoft AD CS certificate template. This is a required parameter if you're using a domain-joined computer. See Custom Certificate Templates. Leave this field blank if you're not using Microsoft Active Directory to manage your macOS users. | AcmeMacOSUser |
| certPublishers (optional) | A comma-separated list of DNS names for the servers running the service that can generate certificates on behalf of the user. The Workforce Access Client will browse the AD forest if you omit this parameter, but if you have multiple servers deployed to manage the domain infrastructure it can take time to explore all of them. | DOMAINSERVER2.FULL.COMPANY.ADDRESS.COM, DOMAINSERVER3.FULL.COMPANY.ADDRESS.COM |
| certAuthority (optional) | The name of the publisher of the Active Directory. The Workforce Access Client will browse the AD forest if you omit this parameter, but if you have multiple servers deployed to manage the domain infrastructure it can take time to explore all of them. | hypr-DEVW2012R9DOMXDC-CA |

Examples

Domain-Joined

📘

Always set "certPublishers" and "certAuthority" for Enterprise AD configurations

The client will look up this information by default if you don't specify these additional parameters, but you should set them manually to improve registration speed.

📘

Mobile User Accounts Required

HYPR requires the Mobile User type for domain-joined computers. You can learn more about Mobile Users configuration in the Apple documentation.

{
  "version": "4",
  "rpUrl": "https://your-hypr-server.com/rp",
  "appId": "your-control-center-app-name",
  "pinningHash": "list-of-ssl-pins",
  "supportEmail": "support-email",
  "installToken": "your-install-token",
  "certTemplate": "your-adcs-template-name",
  "certPublishers": "list-of-publishers",
  "certAuthority": "cert-authority-name"
}

Non Domain-Joined

📘

"certTemplate" field is required

Leave this field blank if you're not using Microsoft Active Directory to manage your macOS users.

{
  "version": "4",
  "rpUrl": "https://your-hypr-server.com/rp",
  "appId": "your-control-center-app-name",
  "pinningHash": "list-of-ssl-pins",
  "supportEmail": "support-email",
  "installToken": "your-install-token",
  "certTemplate": ""
}
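
A malformed hypr.json (for example, a missing comma between two keys) is easiest to catch before the package is distributed. The following pre-deployment check is an added example, not HYPR's own tooling; the function name validate_hypr_config is hypothetical, and treating pinningHash as a comma-delimited list of base64 SHA-256 values is an assumption based on the parameter table and the plist script on this page.

```python
import base64
import json
from urllib.parse import urlparse

REQUIRED = ("version", "rpUrl", "appId", "pinningHash",
            "supportEmail", "installToken", "certTemplate")

def validate_hypr_config(text):
    """Return a list of problems in hypr.json text (empty list means OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:  # e.g. a missing comma between keys
        return [f"invalid JSON (line {exc.lineno}): {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    problems = []
    for key in REQUIRED:
        value = cfg.get(key)
        if not isinstance(value, str):
            problems.append(f"{key}: missing or not a string")
        elif value == "" and key != "certTemplate":  # certTemplate may be blank
            problems.append(f"{key}: must not be empty")
    if cfg.get("version") != "4":
        problems.append('version: must be "4"')
    rp_url = cfg.get("rpUrl")
    if isinstance(rp_url, str) and rp_url:
        url = urlparse(rp_url)
        ok_path = url.path.rstrip("/").endswith("/rp")
        if url.scheme != "https" or not url.netloc or not ok_path:
            problems.append("rpUrl: must be an https:// URL ending in /rp")
    pins = cfg.get("pinningHash")
    # Assumption: several pins are comma-delimited, as in the plist script.
    for pin in (pins.split(",") if isinstance(pins, str) and pins else []):
        try:
            digest = base64.b64decode(pin.strip(), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            digest = b""
        if len(digest) != 32:  # a SHA-256 digest is 32 bytes
            problems.append(f"pinningHash: {pin.strip()!r} is not a SHA-256 pin")
    return problems

# Constructed sample: Example-column values from the table; email is made up.
SAMPLE = json.dumps({"version": "4", "rpUrl": "https://acme.hypr.com/rp",
    "appId": "AcmeMacOSApp", "supportEmail": "support@example.com",
    "pinningHash": "KeM8XnCIy8+Cxm+HKTEOBZr1g3F8odQNHTH+vdu7RWc=",
    "installToken": "6a74ce20-2c1e-4c7d-ae9d-14be27e2c197", "certTemplate": ""})
if __name__ == "__main__":
    print(validate_hypr_config(SAMPLE) or "hypr.json looks consistent")
```

Placeholder values left in from the templates, such as "list-of-ssl-pins", are reported as invalid pins.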

Installation

Option 1: Via User Interface

Step 1: Double-click the WorkforceAccess-<VERSION>.dmg disk image (DMG) and copy the installer package.

Step 2: Put the installer package in the same folder as the hypr.json file.

📘

.dmg Distribution Option

Alternatively, you can create a new .dmg with the hypr.json file placed inside it, next to the .pkg files.

Step 3: Double click on WorkforceAccess-<VERSION>-Installer.pkg to begin installation.

Step 4: Complete the installation and restart the computer.

Option 2: Via Terminal

Step 1: Double-click the WorkforceAccess-<VERSION>.dmg disk image (DMG) and copy the installer package.

Step 2: Put the installer package in the same folder as the hypr.json file.

Step 3: Open Terminal.

Step 4: Execute the following command:

installer -pkg ~/Downloads/WorkforceAccess-<VERSION>-installer.pkg -target ~/Applications/

Modifying App Configuration

Option 1: Manually

Step 1: Open /Library/HYPR/HyprOneService.plist.
This file is protected from edits by non-admin users, so you will need to edit it with sudo.

Using vi

sudo vi /Library/HYPR/HyprOneService.plist

Using nano

sudo nano /Library/HYPR/HyprOneService.plist

Step 2: Modify the configuration parameters then save the file.

Step 3: Reboot the computer to apply the changes.

Option 2: Using CMD

Info.plist can also be modified using a shell script if you would like to apply changes automatically for selected users.

Example

#!/bin/bash

# The plist is protected from edits by non-admin users, so run this script with sudo.
PLIST_FILE=/Library/HYPR/HyprOneService.plist

# Customize the configuration.
defaults write "$PLIST_FILE" ApplicationId "NAME OF YOUR APP IN CONTROL CENTER"
defaults write "$PLIST_FILE" RelyingPartyPins "<COMMA DELIMITED LIST OF PINS>"
defaults write "$PLIST_FILE" RelyingPartyUrl "https://CONTROL_CENTER_URL/rp"
defaults write "$PLIST_FILE" SupportEmail "SUPPORT EMAIL"

# Convert the configuration file to XML.
plutil -convert xml1 "$PLIST_FILE"

Deployment Best Practices

Installing with JAMF/JAMF Connect
Although JAMF Connect is not officially supported, you can use the terminal install option with JAMF and other software distribution tools.

Use sudo for Installation/Uninstallation
Installing/uninstalling requires admin privileges. Please be sure to use sudo when distributing the package to users.

Alternative Method to Uninstall the Application

  1. Delete the /Applications/Workforce Access.app folder (must be root).
  2. Wait for 3 minutes. The uninstaller will be invoked.