How to Deploy the ActivTrak Agent on macOS Sequoia: Complete Deployment Guide
Overview
In macOS Sequoia (15), Apple enhanced security measures by increasing permission dialogs and notifications while removing certain administrative controls. This guide provides comprehensive deployment options for both silent and transparent installations, helping organizations choose the best approach based on their needs.
Deployment Options
Transparent Deployment
For organizations that can communicate with end users about the installation. No action is required from the users beyond acknowledging permissions during installation. Learn more about introducing ActivTrak to your organization.
Silent Deployment
For organizations requiring a completely silent deployment without user interaction. The implementation process is dependent on the customer segment, which is detailed in the following table.
Silent Deployment Options Matrix
| Customer Segment | Required Actions | Notes |
| --- | --- | --- |
| Existing Mac Deployments (Not Using Screen Details) | 1. Update to the latest ActivTrak agent: Version 8.4.2 or higher 2. Upgrade Mac devices to the latest operating system: version 15.1 or higher | • Optional: Set up MDM controls [1] to suppress the Screen Capture prompt • Optional: If you are using an earlier version of macOS, you may use MDM controls to postpone upgrades to Sequoia. |
| Existing Mac Deployments (Using Screen Details) | 1. Update to the latest ActivTrak agent: Version 8.4.2 or higher 2. Set up MDM controls for Screen Capture to suppress the screen capture prompt [1] 3. Upgrade Mac devices to the latest operating system: version 15.1 or higher | • MDM controls are required [1] • The user must have previously granted screen access. • Optional: If you are using an earlier version of macOS, you may use MDM controls to postpone upgrades to Sequoia. |
| New Mac Deployments (No Screen Details) | 1. Update to the latest ActivTrak agent: Version 8.4.2 or higher 2. Accept permissions during installation 3. Upgrade Mac devices to the latest operating system: version 15.1 or higher | • You can use manual or scripted permission acceptance • Optional: Set up MDM controls |
| New Mac Deployments (With Screen Details) | 1. Update to the latest ActivTrak agent: Version 8.4.2 or higher 2. Enable Screen Details in installer config 3. Accept permissions during install 4. Set up MDM controls for Screen Capture [1] 5. Upgrade Mac devices to the latest operating system: version 15.1 or higher | • MDM controls required [1] • You can use manual or scripted accessibility permission acceptance |
Table Notes
1. Alternative prompt suppression methods are in development.
2. Full functionality is available on macOS 14; upgrading to Sequoia is not required by ActivTrak.
Managing User Permissions in macOS Sequoia without End User Interaction
Required Permissions
Starting with macOS Mojave (10.14), Apple introduced controls that let users allow or restrict cross-application data requests and permissions such as Camera, Photos, Accessibility, AppleEvents and others. Pre-configuring a Privacy Preferences Policy Control (PPPC) profile through an MDM allows the administrator to grant or deny permissions for apps and system services to ensure compliance with privacy policies and streamline the user experience by reducing the number of permission prompts. For customers not using Screenshot Alarms or Screen View, we recommend deploying a PPPC file that denies screen recording permissions, accepts accessibility permissions, and suppresses all Background Items notifications.
- Screen Recording Permissions
  - Purpose: Required for screenshot alarms and screen capture functionality
  - Default behavior: Prompts user during installation and monthly
  - MDM option: Can be denied via PPPC profile if screen capture isn't needed
- Accessibility Permissions
  - Purpose: Required for title bar and browser URL capture
  - MDM option: Can be accepted via PPPC profile
- Background Processing
  - Purpose: Allows the agent to run in the background
  - MDM option: Notifications can be suppressed via PPPC profile
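One way to review a PPPC profile before uploading it to the MDM, as an added example (not ActivTrak's code and not its actual profile): the script parses a .mobileconfig and reports every grant that differs from the deny-screen-recording, allow-accessibility policy recommended above. The sample profile, the bundleID identifier type and the PLACEHOLDER code requirement are constructed assumptions.

```python
import plistlib

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"  # Apple's PPPC payload type
AGENT_ID = "com.bgrove.scthost"  # bundle ID given in this guide
# Policy the guide recommends when Screenshot Alarms / Screen View are not used.
EXPECTED = {"Accessibility": "Allow", "ScreenCapture": "Deny"}

def tcc_grants(profile_bytes):
    """Return (service, identifier, authorization) for every PPPC entry."""
    grants = []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_TYPE:
            continue
        for service, entries in payload.get("Services", {}).items():
            for entry in entries:
                # Older profiles use boolean "Allowed"; newer use "Authorization".
                auth = entry.get("Authorization")
                if auth is None:
                    auth = "Allow" if entry.get("Allowed") else "Deny"
                grants.append((service, entry.get("Identifier"), auth))
    return grants

def audit(profile_bytes):
    """Return findings; an empty list means the profile matches EXPECTED."""
    findings, seen = [], {}
    for service, ident, auth in tcc_grants(profile_bytes):
        if ident != AGENT_ID:
            findings.append(f"unexpected identifier {ident!r} under {service}")
        elif service not in EXPECTED:
            findings.append(f"extra grant: {service}={auth}")
        else:
            seen[service] = auth
    for service, want in EXPECTED.items():
        if seen.get(service) != want:
            findings.append(f"{service}: expected {want}, found {seen.get(service)}")
    return findings

def sample_profile(screen_auth="Deny", extra_service=None):
    """Build a constructed profile for the demo (not ActivTrak's real file)."""
    entry = {"Identifier": AGENT_ID, "IdentifierType": "bundleID",
             "CodeRequirement": "PLACEHOLDER"}  # real value comes from the vendor
    services = {"Accessibility": [dict(entry, Authorization="Allow")],
                "ScreenCapture": [dict(entry, Authorization=screen_auth)]}
    if extra_service:
        services[extra_service] = [dict(entry, Authorization="Allow")]
    payload = {"PayloadType": TCC_TYPE, "Services": services}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

if __name__ == "__main__":
    print(audit(sample_profile()))
    print(audit(sample_profile(extra_service="SystemPolicyAllFiles")))
```

To check a real file, pass its bytes to `audit()`, for example `audit(open(path, "rb").read())`; an unsigned .mobileconfig is a plain plist and parses directly.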
Firefox Considerations
Firefox on macOS does not support URL capture without the ActivTrak Browser extension (see “The ActivTrak Assist Browser Extension (For Improved Website Activity Capture)” in the ActivTrak Help Center); the ActivTrak application will display ‘URL Unavailable’ if it is not present. If your ActivTrak deployment is silent, this poses a problem since the extension will be visible in the Firefox browser's ‘Extension’ menu (see “Firefox Extension (Required for Mac Agents)” in the ActivTrak Help Center). Firefox is not supported if you maintain a silent deployment.
MDM Deployment Process
Prerequisites
- MDM platform subscription (Intune, Jamf Pro, Kandji, or Mosyle)
- Administrator access to MDM and ActivTrak
- Enrolled macOS devices
- ActivTrak’s Privacy Preferences Policy Control (PPPC) files
- ActivTrak agent (.pkg) file
ActivTrak Install Locations
ActivTrak installs files in the following locations:
- /Library/PrivilegedHelperTools/scthostp
- /Library/PrivilegedHelperTools/scthostu
- /Library/PrivilegedHelperTools/svctcom
- /Library/PrivilegedHelperTools/scthost.app
- /Library/LaunchDaemons/com.bgrove.activtrak.daemon.plist
- /Library/LaunchAgents/com.bgrove.activtrak.agent.plist
PPPC files
Profile to grant/deny needed permissions
Profile to Disable Background Notifications
Implementation Steps
1. Create a Profile for Accessibility and Screen Recording Preferences:
- Go to your MDM’s administrative console and create a new configuration profile.
- Choose a ‘Custom’ profile type and upload the required PPPC file “Profile to grant/deny needed permissions”.
- Assign the configuration to your devices following the steps provided by your MDM software.
2. Create a Profile for Disabling All Background Notifications:
- Go to your MDM’s administrative console and create a second new configuration profile.
- Choose a ‘Custom’ profile type and upload the required PPPC file “Profile to Disable Background Notifications”.
- Assign the configuration to your devices following the steps provided by your MDM software.
- Please be aware that this will disable all background notifications, including those from ActivTrak.
Important note:
When a device is configured using PPPC, the ActivTrak agent won't appear in the Accessibility permissions list, even though it has the required permissions. This is intentional and beneficial — it prevents users from accidentally disabling these essential permissions. As long as the agent is reporting data correctly, you can be confident the permissions are properly configured.
3. Deploy the Agent:
- Go to your MDM’s administrative console and create a new Application for deployment.
- Upload the ActivTrak .pkg file without renaming it. (Details on finding the latest agent version can be found in “Deploy Agents via the ActivTrak app” in the ActivTrak Help Center.)
- Define the necessary fields (e.g., name, description, publisher and operating system). Take note that the name should not be changed. The App Bundle ID should auto-populate, but if it does not, use “com.bgrove.scthost”.
- Assign the app to all enrolled devices or specific device groups.
- The deployment will start, and the agent will be installed as the devices check in. Depending on user activity and check-in policies, this can take up to 48 hours.
Best Practices
- Plan your deployment strategy based on functionality needs.
- Test your deployment process in small groups first.
- Prepare user communication if using transparent deployment.
- Consider a phased rollout for large organizations.
- Document your chosen configuration for future reference.
For additional assistance or custom deployment scenarios, contact ActivTrak Support.