Installation and Configuration
macOS
Configuration
Version 6.12.0+
When installing the HYPR Workforce Access Client for version 6.12.0 and above, you need to create a
hypr.jsonfile containing your configuration parameters.
Step 1: Create a text file named hypr.json.
touch hypr.json
Step 2: Put the hypr.json file and the installer .pkg file in same folder.
Step 3: Set your configuration parameters in the hypr.json file.
Configuration Parameters
| Parameter | Description | Example |
|---|---|---|
appId | The name of your RP Application in the HYPR Control Center | AcmeMacOSApp |
pinningHash | SHA256 PIN of the Control Center domain | KeM8XnCIy8+Cxm+HKTEOBZr1g3F8odQNHTH+vdu7RWc= |
rpUrl | The URL for your HYPR tenant with /rp path appended to the end | https://acme.hypr.com/rp |
supportEmail | The email address of your support team | [email protected] |
installToken | The Installation Token used for Endpoint Protection | 6a74ce20-2c1e-4c7d-ae9d-14be27e2c197 |
version | The HYPR Installer version (must be set to 4) | 4 |
certTemplate | The name of your Microsoft AD CS certificate template. This is a required parameter if you're using a domain-joined computer. See Custom Certificate Templates. Leave this field blank if you're not using Microsoft Active Directory to manage your macOS users. | AcmeMacOSUser |
certPublishers(optional) | A comma-separated a list of DNS names for the servers running the service that can generate certificates on behalf of the user. The Workforce Access Client will browse the AD forest if you omit this parameter, but if you have multiple servers deployed to manage the domain infrastructure it can take time to explore all of them. | DOMAINSERVER2.FULL.COMPANY.ADDRESS.COM, DOMAINSERVER3.FULL.COMPANY.ADDRESS.COM |
certAuthority(optional) | The name of the publisher of the Active Directory. The Workforce Access Client will browse the AD forest if you omit this parameter, but if you have multiple servers deployed to manage the domain infrastructure it can take time to explore all of them. | hypr-DEVW2012R9DOMXDC-CA |
Examples
Domain-Joined
Always set "certPublishers" and "certAuthority" for Enterprise AD configurations
The client will look up this information by default if you don't specify these additional parameters, but you should set them manually to improve registration speed.
Mobile User Accounts Required
HYPR requires the Mobile User type for domain-joined computers. You can learn more about Mobile Users configuration in the Apple documentation.
{
"version": "4",
"rpUrl": "https://your-hypr-server.com/rp",
"appId": "your-control-center-app-name",
"pinningHash": "list-of-ssl-pins",
"supportEmail": "support-email",
"installToken": "your-install-token",
"certTemplate": "your-adcs-template-name"
"certPublishers": "list-of-publishers",
"certAuthority": "cert-authority-name"
}
Non Domain-Joined
"certTemplate" field is required
Leave this field blank if you're not using Microsoft Active Directory to manage your macOS users.
{
"version": "4",
"rpUrl": "https://your-hypr-server.com/rp",
"appId": "your-control-center-app-name",
"pinningHash": "list-of-ssl-pins",
"supportEmail": "support-email",
"installToken": "your-install-token",
"certTemplate": ""
}
Installation
Option 1: Via User Interface
Step 1: Double click on WorkforceAccess-<VERSION>.dmg disk image (DMG) and copy the installer package.
Step 2: Put the installer package in the same folder with the hypr.json file.
.dmg Distribution Option
Alternatively, you can create a new .dmg where the
hypr.jsonfile is put inside the dmg, next to the pkg files
Step 3: Double click on WorkforceAccess-<VERSION>-Installer.pkg to begin installation.
Step 4: Complete the installation and restart the computer.
Option 2: Via Terminal
Step 1: Double click on WorkforceAccess-<VERSION>.dmg disk image (DMG) and copy the installer package.
Step 2: Put the installer package in the same folder with the hypr.json file.
Step 3: Open terminal.
Step 4: Execute the following command:
installer -pkg ~/Downloads/WorkforceAccess-<VERSION>-installer.pkg -target ~/Applications/
Modifying App Configuration
Option 1: Manually
Step 1: open /Library/HYPR/HyprOneService.plist
This file is protected from edits by non-admin users, so you will need to edit it with sudo
Using vi
sudo vi /Library/HYPR/HyprOneService.plist
Using nano
sudo nano /Library/HYPR/HyprOneService.plist
Step 2: Modify the configuration parameters then save the file.
Step 3: Reboot the computer to apply the changes.
Option 2: Using CMD
Info.plist can also be modified using a shell script if you would like to apply changes automatically for selected users.
Example
#! /bin/bash
PLIST_FILE=/Library/HYPR/HyprOneService.plist
# Customize the configuration.
defaults write $PLIST_FILE ApplicationId "NAME OF YOUR APP IN CONTROL CENTER"
defaults write $PLIST_FILE RelyingPartyPins "<COMMA DELIMITED LIST OF PINS>"
defaults write $PLIST_FILE RelyingPartyUrl "https://CONTROL_CENTER_URL/rp"
defaults write $PLIST_FILE SupportEmail "SUPPORT EMAIL"
# Convert the configuration file to XML.
plutil -convert xml1 $PLIST_FILE
Deployment Best Practices
Installing with JAMF/JAMF Connect
Although JAMF Connect is not officially supported, you can use the terminal install option with JAMF and other software distribution tools.
Use sudo for Installation/Uninstallation
Installing/uninstalling requires admin privileges. Please be sure to use sudo when distributing the package to users.
Alternative Method to Uninstall the Application
- Delete the
/Applications/Workforce Access.appfolder (must be root). - Wait for 3 minutes. The uninstaller will be invoked.
Updated 9 months ago