Deploying LucidLink with Jamf Pro MDM

  • Updated

Introduction

It is possible to deploy and manage LucidLink installation on macOS via an MDM solution. In this guide we will look at the steps necessary to achieve this in Jamf Pro. The deployment workflow is simplified compared with LucidLink Classic since LucidLink is now KEXT-less.

For an end-to-end zero-touch user workflow the following requirements must be met:

  • The Mac is enrolled in your Jamf Pro instance by any method

Workflow Overview

  1. Upload the latest LucidLink .pkg to your Jamf Pro instance
  2. Create a Policy containing a Package payload with the LucidLink .pkg selected
  3. Scope the Policy to the desired Macs

Policy Setup

  1. In Jamf Pro navigate to Settings > Computer Management > Packages
  2. Click New 
    1. Display Name = LucidLink + Version Number (e.g. LucidLink-3.0.5564)
    2. Drop or Browse for the desired LucidLink .pkg
    3. Add notes and Info as desired
      JamfLL3Package.png
  3. Click Save
  4. Navigate to Policies
  5. Click New
  6. Use the following settings:
    1. General > Display Name = LucidLink
    2. General > Enabled = YES
    3. General > Trigger = You determine this
      JamfLL3PolicyGeneral.png
       
    4. Packages > Find your Package and click Add
      JamfLL3PolicyPackage.png
       
    5. Configure Self Service settings as desired

Once this is deployed to the Mac via a trigger or Self Service, the LucidLink .pkg will install silently. LucidLink will automatically open after installation and does not require a system restart or any user interaction to operate.

PPPC (Optional)

To prevent macOS from asking the user for access to Network Volumes when mounting their first filespace, you may want to deploy a PPPC profile to the clients that approves this in advance, for them. The best way to achieve this is to download the PPPC Utility provided by Jamf here, create the profile as shown in the screenshot below and save it.

This PPPC profile can then be imported into your Jamf Pro environment as a Configuration Profile and scoped to the desired systems.

Screenshot 2026-02-06 at 9.14.59.png

Deploying Domain Keys for SSO Log Ins

If you're deploying a domain key (.domainkey) alongside the LucidLink package to enable seamless SSO login, be aware of a potential execution context issue.

Jamf installs run as root, so when the LucidLink app launches immediately post-install, it runs in the root context rather than the user context. The app can't read the key from ~/.lucid-keys because ~ resolves to root's home, not the end user's.

To resolve this, add a post-install script that exits LucidLink after installation. When the user first launches the app themselves, it opens in the correct context and can read the key.

FAQs

Q. Does LucidLink rely on a KEXT and approval?
A. No, LucidLink is KEXT-less and also does not rely on System Extensions.

 

Q. Is a system restart required after the installation or update of LucidLink?
A. No, LucidLink can be installed and immediately used with no system restart.

 

References

Jamf Pro documentation

Packages: https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Packages.html

Deploying Packages: https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Package_Deployment.html

Jamf PPPC Utility: https://github.com/jamf/PPPC-Utility

Was this article helpful?

0 out of 0 found this helpful