Installation and Configuration

Configuration

📘
Version 6.12.0+
When installing the HYPR Workforce Access Client for version 6.12.0 and above, you need to create a hypr.json file containing your configuration parameters.

Step 1: Create a text file named hypr.json.

touch hypr.json

Step 2: Put the hypr.json file and the installer .pkg file in same folder.

Step 3: Set your configuration parameters in the hypr.json file.

Configuration Parameters

Parameter	Description	Example
`appId`	The name of your RP Application in the HYPR Control Center	`AcmeMacOSApp`
`pinningHash`	SHA256 PIN of the Control Center domain	`KeM8XnCIy8+Cxm+HKTEOBZr1g3F8odQNHTH+vdu7RWc=`
`rpUrl`	The URL for your HYPR tenant with `/rp` path appended to the end	`https://acme.hypr.com/rp`
`supportEmail`	The email address of your support team	`[email protected]`
`installToken`	The Installation Token used for Endpoint Protection	`6a74ce20-2c1e-4c7d-ae9d-14be27e2c197`
`version`	The HYPR Installer version (must be set to 4)	`4`
`certTemplate`	The name of your Microsoft AD CS certificate template. This is a required parameter if you're using a domain-joined computer. See Custom Certificate Templates. Leave this field blank if you're not using Microsoft Active Directory to manage your macOS users.	`AcmeMacOSUser`
`certPublishers` (optional)	A comma-separated a list of DNS names for the servers running the service that can generate certificates on behalf of the user. The Workforce Access Client will browse the AD forest if you omit this parameter, but if you have multiple servers deployed to manage the domain infrastructure it can take time to explore all of them.	`DOMAINSERVER2.FULL.COMPANY.ADDRESS.COM, DOMAINSERVER3.FULL.COMPANY.ADDRESS.COM`
`certAuthority` (optional)	The name of the publisher of the Active Directory. The Workforce Access Client will browse the AD forest if you omit this parameter, but if you have multiple servers deployed to manage the domain infrastructure it can take time to explore all of them.	`hypr-DEVW2012R9DOMXDC-CA`

Examples

Domain-Joined

📘
Always set "certPublishers" and "certAuthority" for Enterprise AD configurations
The client will look up this information by default if you don't specify these additional parameters, but you should set them manually to improve registration speed.

📘
Mobile User Accounts Required
HYPR requires the Mobile User type for domain-joined computers. You can learn more about Mobile Users configuration in the Apple documentation.

{
  "version": "4",
  "rpUrl": "https://your-hypr-server.com/rp",
  "appId": "your-control-center-app-name",
  "pinningHash": "list-of-ssl-pins",
  "supportEmail": "support-email",
  "installToken": "your-install-token",
  "certTemplate": "your-adcs-template-name"
  "certPublishers": "list-of-publishers",
  "certAuthority": "cert-authority-name"
}

Non Domain-Joined

📘
"certTemplate" field is required
Leave this field blank if you're not using Microsoft Active Directory to manage your macOS users.

{
  "version": "4",
  "rpUrl": "https://your-hypr-server.com/rp",
  "appId": "your-control-center-app-name",
  "pinningHash": "list-of-ssl-pins",
  "supportEmail": "support-email",
  "installToken": "your-install-token",
  "certTemplate": ""
}

Installation

Option 1: Via User Interface

Step 1: Double click on WorkforceAccess-<VERSION>.dmg disk image (DMG) and copy the installer package.

Step 2: Put the installer package in the same folder with the hypr.json file.

📘
.dmg Distribution Option
Alternatively, you can create a new .dmg where the hypr.json file is put inside the dmg, next to the pkg files

Step 3: Double click on WorkforceAccess-<VERSION>-Installer.pkg to begin installation.

Step 4: Complete the installation and restart the computer.

Option 2: Via Terminal

Step 1: Double click on WorkforceAccess-<VERSION>.dmg disk image (DMG) and copy the installer package.

Step 2: Put the installer package in the same folder with the hypr.json file.

Step 3: Open terminal.

Step 4: Execute the following command:

installer -pkg ~/Downloads/WorkforceAccess-<VERSION>-installer.pkg -target ~/Applications/

Modifying App Configuration

Option 1: Manually

Step 1: open /Library/HYPR/HyprOneService.plist
This file is protected from edits by non-admin users, so you will need to edit it with sudo

Using vi

sudo vi /Library/HYPR/HyprOneService.plist

Using nano

sudo nano /Library/HYPR/HyprOneService.plist

Step 2: Modify the configuration parameters then save the file.

Step 3: Reboot the computer to apply the changes.

Option 2: Using CMD

Info.plist can also be modified using a shell script if you would like to apply changes automatically for selected users.

Example

#! /bin/bash

PLIST_FILE=/Library/HYPR/HyprOneService.plist

# Customize the configuration.
defaults write $PLIST_FILE ApplicationId "NAME OF YOUR APP IN CONTROL CENTER"
defaults write $PLIST_FILE RelyingPartyPins "<COMMA DELIMITED LIST OF PINS>"
defaults write $PLIST_FILE RelyingPartyUrl "https://CONTROL_CENTER_URL/rp"
defaults write $PLIST_FILE SupportEmail "SUPPORT EMAIL"

# Convert the configuration file to XML.
plutil -convert xml1 $PLIST_FILE

Deployment Best Practices

Installing with JAMF/JAMF Connect
Although JAMF Connect is not officially supported, you can use the terminal install option with JAMF and other software distribution tools.

Use sudo for Installation/Uninstallation
Installing/uninstalling requires admin privileges. Please be sure to use sudo when distributing the package to users.

Alternative Method to Uninstall the Application

Delete the /Applications/Workforce Access.app folder (must be root).
Wait for 3 minutes. The uninstaller will be invoked.