Installing KACE SMA Agent for macOS

The KACE SMA Agent is an application that can be installed on devices managed by the KACE SMA to enable inventory reporting and other device management features. You can add the KACE SMA Agent on your managed macOS devices, as needed.

Installing the KACE SMA Agent through KACE Cloud can be done through the existing pkg file that is signed by the KACE SMA Agent team. However, this does not contain the configuration file that tells the device which KACE SMA server to communicate with. Customers cannot use the dmg supplied by the KACE SMA because the macOS MDM protocol requires the previously mentioned distribution packages.

A workaround is to create a second distribution package with a basic amp.conf and sma.dat files.

The amp.conf file only requires the host setting:

host=192.168.240.112

The host can be the IP address or the Fully Qualified Domain Name of the KACE SMA server.

The sma.dat file is required for agent authentication and works with KACE SMA version 11.x and later.

To create the sma.dat file, in KACE SMA, go to the Agent Token Detail page, and copy the contents of the Token field:

Create a new sma.dat file and copy the token into the file (and nothing else). Using the above example, this is what you need in the sma.dat file:

0zO0dygjeFova4NwQY8c7sVbj5Vj_FXpE8lxeLZNbrYohWCRVklcow

The next step is to put the amp.conf and sma.dat files within a "data" directory. Then run the following command in the parent of the data directory:

sudo pkgbuild --root data --identifier agent.conf --version 1.0.0 --install-location /Library/Application\ Support/Quest/KACE/data ./AnySMAConf.pkg

Next, sign the package using the productbuild utility in the same way a custom Mac app package is created.

sudo productbuild --sign "My Certificate Name" --package AnySMAConf.pkg AnySMAConfDistribution.pkg

NOTE: You must have an Apple Developer Account in order to sign the SMA agent package. For more details, visit https://developer.apple.com/programs/.

Next, upload the amp.conf distribution package to KACE Cloud.

Device configuration

To install on a device, simply install both distribution packages on a device. If the amp.conf file is installed before the agent, the server configuration will be picked up immediately. If the agent is installed first then a device restart - which can be run from KACE Cloud too - is required to pick up the amp.conf details.

KACE Cloud Policy Manager KACE SMA Agent configuration

KACE Cloud Policy Manager enforces device compliance and automatically distributes things like apps and configurations. It uses the device inventory to determine what needs to be installed to bring a device into compliance. The KACE SMA Agent is installed as a service and the macOS MDM protocol does not include it in the app inventory. As such, the policy manager can't determine if the app has been successfully installed and will keep trying to install an app it can't see on a device. To avoid this, we now have a setting that allows an app to be marked as installed regardless of the inventory report.