Client PList Configuration File
For successful implementation, the Keyfactor Mac Auto Enrollment requires that a PList file, which further defines and identifies parameter settings, be loaded on every Mac device that requires certificate lifecycle management. Figure 3: Example PList shows an example of the PList file with further definitions below.
The structure of most of the ProgramArguments section of the file is an argument line (e.g. -httpScheme) followed by its value line (e.g. https), so most of the arguments appear as a pair of lines.
- <key>Label</key>: The name of the PList file. It must be the same as the saved name of the PList file.
- <key>ProgramArguments</key>: Begins the following array of key values:
- <string>/etc/keyfactor/macagent/MacAutoEnrollmentClient.app/Contents/MacOS/Mac AutoEnrollment Client</string>: Defines the folder structure where the agent code base resides. This tells the Mac device what to run when the device is turned on. This line stands alone and is not part of a key value pair.
- <string>-httpScheme</string>: Defines which scheme (http or https) is used to connect to the Keyfactor Command server.
- <string>-cmsHostname</string>: Identifies the host name or IP address of the Keyfactor Command server URL.
- <string>-cmsFolder</string>: Identifies the agent endpoint for communication to the Keyfactor Command server.
- <string>-tenantId</string>: A GUID that identifies the tenant ID. This is generally set to all zeroes.
- <string>-loglevel</string>: Defines the logging level. Supported values are error, warning and verbose. The default value is verbose.
- <string>-logFolder</string>: Defines the path to the location of the logs.
- <string>-logRolloverCount</string>: The number of log files to be kept on the device. The default value is 7.
- <string>-credsMessageUsernamePassword</string>: Defines a configurable message requesting user credentials. This message appears on the standard login prompt (see Figure 1: Mac Agent Client Login) for initial authentication attempts when there are no stored credentials.
- <string>-credsMessagePasswordOnly</string>: Defines a configurable message requesting the user's password. This message appears on the standard login prompt when a stored credentials file is found in the data directory and only the user's password is needed for authentication.
- <string>-imagePath</string>: Defines the path and file name of the custom logo file used on the login dialog (see Figure 1: Mac Agent Client Login).
- <string>-dataFolder</string>: Defines the path to the location where the agent saves the credentials of the user who last enrolled for a certificate.
- <string>-forceLoggedOnUser</string>: If this option is set to "Yes", the agent will use the domain credentials to pass through to the agent login. This setting only applies if the device is domain joined.
- <key>RunAtLoad</key>: If set to "true", runs the application on user login.
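The following Python check is an added example, not Keyfactor code: it parses a PList of the shape described above and reports settings that break the documented rules, plus an http scheme. The sample file, its label and host name are constructed placeholders, and the check assumes that only the executable line stands alone and that the saved name is the Label plus ".plist".

```python
import plistlib
import uuid
from pathlib import PurePosixPath

# Constructed sample: label, host and values are placeholders, not Keyfactor's Figure 3.
SAMPLE_NAME = "com.example.macagent.plist"
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.macagent</string>
  <key>ProgramArguments</key><array>
    <string>/etc/keyfactor/macagent/MacAutoEnrollmentClient.app/Contents/MacOS/Mac AutoEnrollment Client</string>
    <string>-httpScheme</string><string>http</string>
    <string>-cmsHostname</string><string>command.example.com</string>
    <string>-tenantId</string><string>00000000-0000-0000-0000-000000000000</string>
    <string>-loglevel</string><string>debug</string>
    <string>-logRolloverCount</string><string>7</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

def parse_args(program_arguments):
    """Split ProgramArguments into (executable, {argument: value})."""
    exe, rest = program_arguments[0], program_arguments[1:]
    # Assumption: after the stand-alone executable line, entries are argument/value pairs.
    if len(rest) % 2 or not all(a.startswith("-") for a in rest[0::2]):
        raise ValueError("ProgramArguments is not a list of argument/value pairs")
    return exe, dict(zip(rest[0::2], rest[1::2]))

def lint(plist_bytes, file_name):
    """Return a list of findings for one agent PList."""
    doc = plistlib.loads(plist_bytes)
    findings = []
    # Assumption: "saved name" means Label + ".plist" (the usual launchd convention).
    if doc.get("Label") != PurePosixPath(file_name).stem:
        findings.append("Label does not match the file name")
    _, args = parse_args(doc.get("ProgramArguments") or [""])
    scheme = args.get("-httpScheme")
    if scheme == "http":
        findings.append("-httpScheme is http: agent traffic is not encrypted")
    elif scheme != "https":
        findings.append("-httpScheme must be http or https")
    if args.get("-loglevel", "verbose") not in ("error", "warning", "verbose"):
        findings.append("-loglevel is not error, warning or verbose")
    try:
        uuid.UUID(args.get("-tenantId", ""))
    except ValueError:
        findings.append("-tenantId is not a GUID")
    return findings
```

Running `lint(SAMPLE, SAMPLE_NAME)` reports the http scheme and the unsupported log level in the constructed sample.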