Kickstart Guide
Please be patient as we update our Wiki. 😄
- Go to https://github.com/cybertunnel/LoanShark/releases
- Downlaod the latest LoanShark-Installer.zip and the LoanShark.app
Unzip it
Authentication is used to ensure only authorized folks are able to manage the loaner period and configuration. If you have a Jamf Pro instance, it is recommended to use Jamf Pro’s authentication to ensure fill integration.
LoanShark uses the Jamf’s UAPI endpoints to perform the authentication and obtains the authenticated user’s group memberships too perform a check if they are authorized to administer the loaner.
- Navigate to your Jamf Pro instance, and select the gear in the top right corner to open Jamf Pro’s settings.
- Click the
Jamf Pro User Accounts & Groupsunder System Settings
- Select the group which you want to allow the ability to manage LoanShark under
Jamf Pro User Groups.
- In your navigation bar, copy the URL.
- Should look like:
https://mdm.acme.com:8443/groups.html?id=1&o=r
- Should look like:
- Take note of the ID of the group you wish to grant access. In the example the group ID was
1.- You will need this for the Configuring LoanShark Preferences section of this guide.
Note: LoanShark supports multiple groups being able to administer the loaning period, perform step 3 and 4 again until all the group IDs you need are recorded.
Available in: Version 0.3+
This method is MDM agnostic and might be more ideal in specific situations than the Jamf Pro integration.
Note: If using the command line interface and/or automation, you need to still generate the SHA256 hash to allow authentication in the command line level in a secure fashion.
- Determine the password or passphrase you want to use to authenticate against
- Example:
SuperMonkey<3Banana2019
- Example:
- Generate a SHA256 hash using your tool of choice
- You could use an online generator like this one
- You should get a hash like
AA4F41A3CF9478B0C5933B35E847BE4BF5AF13DA002B5AD6C1D67EE6EA88BC56- The above was created using the example passphrase
- Save the generated hash
- You will need this in the Configuring LoanShark Preferences section of this guide.
LoanShark uses User Preferences which can be controlled by a plist file, through the defaults command, and/or through a configuration profile.
Note: The manual method, which is the default, could enable a user who has sudo privileges to edit LoanShark settings. This would include changing the SharedSecret key.
In payload/Library/Preferences you will find com.github.cybertunnel.LoanShark.plist; this is a Property List(plist) in XML format. This file contains settings which LoanShark uses to provide a custom experience.
Open this .plist file in your favorite editor. Some suggested ones are Xcode, or PlistEdit Pro which is available on their website
Checkout the Preference Keys section of this page for what each key does.
Note: If using Jamf Pro, it is best to upload the plist to the Custom Payload section of the Configuration Profile Creation screen. This automatically creates a configuration profile for use inside your environment.
Update the below configuration profile with the correct values for your configuration
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>FF1D8EE8-F7D6-4159-818F-64B694B22FD7</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Acme Corporation</string>
<key>PayloadIdentifier</key>
<string>FF1D8EE8-F7D6-4159-818F-64B694B22FD7</string>
<key>PayloadDisplayName</key>
<string>LoanShark Configuration</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>C86CE3CB-68E6-4BFD-B207-94A4A8A1C99E</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadOrganization</key>
<string>Acme Corporation</string>
<key>PayloadIdentifier</key>
<string>C86CE3CB-68E6-4BFD-B207-94A4A8A1C99E</string>
<key>PayloadDisplayName</key>
<string>Custom</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadContent</key>
<dict>
<key>com.github.cybertunnel.LoanShark</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>lockoutMessage</key>
<string>This loaning period has expired. Please return to the IT member listed below.</string>
<key>logoffTimer</key>
<integer>60</integer>
<key>jamfURL</key>
<string>mdm.acme.com</string>
<key>authorizedGroupIDs</key>
<array>
<integer>1</integer>
<integer>2</integer>
</array>
<key>extensionOptions</key>
<array>
<string>1 Day</string>
<string>3 Days</string>
<string>5 Days</string>
<string>7 Days</string>
<string>1 Week</string>
<string>2 Weeks</string>
<string>3 Weeks</string>
<string>1 Month</string>
</array>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>Since LoanShark allows a unique and configurable experience, the settings below enable you to control these settings.
| Key Name | Type | Default | Description | Required | Example |
|---|---|---|---|---|---|
| jamfURL | String | none |
The url to your Jamf Pro instance. If not using Jamf Pro for authentication, checkout the sharedSecret key |
yes | mdm.acme.com |
| authorizedGroupIds | Array of Numbers | none |
The Jamf Pro user group memberships of users who should be able to access LoanShark's management interfaces | yes | 1 |
| extensionOptions | Array of Strings | None Set |
The options available for the user to select as extension possibilities | yes | 1 day |
| logOffTimer | Number | 60 | The amount of time, in seconds, until the user gets logged out after the Expiration screen gets displayed | no |
120 for 2 minutes |
| lockoutMessage | String | none |
The message displayed to the end user which the loaning period expires | yes | Please return to your IT folks |
| enableDebugging | Bool | false |
The ability to access debugging menus and features, read more here | no | YES |
| sharedSecret | String | none |
This is a SHA256 hash of a password/secret. This enables authentication via. Command Line Interface, along with use without Jamf Pro | no (yes if using CLI) | D5F0EEA436EEC8980AAF136DE992A8ACBACEDBEF802390F56433988B28CBF181 |
| sharedSecretAuth | Bool | false |
Ability to use the shared secret for authentication instead of username and password | NO |
YES |
| jamfCloud | Bool | false |
Use Jamf Cloud's 443 port instead of the default 8443 | NO |
YES |
Before building your package, make sure you check the following:
- The
payload/Library/Preferences/com.github.cybertunnel.LoanShark.plistconfigured- If using Configuration Profile, ensure it is actively being deployed to your loaners
- Ensure
LoanShark.appexists inpayload/Library/Application Support/LoanShark/
Once the everything is checked, in Terminal run the build_pkg.sh script located in the installer folder.
Deploying the installer is unique for each environment, so deploy like any of your other packages.
If using a Configuration Profile, ensure your loan devices are receiving the LoanShark profile.