MDM App Deployment

Welcome

Welcome aboard the MDM App Deployment section at Harmony SASE's Help Center!
This guide offers you a sneak peek into this category and the must-visit resources.

The deployment process of Harmony SASE varies depending on your MDM (Mobile Device Management) provider and is done utilizing a public app deployment process.

If you are managing the Harmony SASE client deployment using MDM you should disable the Update client functions in the Harmony SASE Web Console to prevent looping client installation issues.

Must-Visit Resources

Download the Harmony SASE agent
MDM deployment with SWG
Using SCCM? See SCCM Agent Deployment
deployment guides for common MDM providers

Transparent Internet Access Installation

Note - Applies to Harmony SASE Agent version 11.5 and higher.

The Transparent Internet Access enforces internet security immediately upon agent installation, without requiring any end-user interaction.

The remote installation process bypasses both device and member registration while ensuring that users receive the latest security policies, even if they have not signed in to the agent.

You can generate a unique installation key from the platform download page. This key is visible only to Admin users. Once generated, the key validity cannot be modified.

Note - Private Access remains restricted until the user authenticates and registers on the platform.

Seamless Internet Access installation requires sending a combination of these command-line parameters during the agent installation process:

REGION
WORKSPACE^*
INSTALLATION_KEY
USER_EMAIL^*
^*Optional

Common Commands

Operating System	Windows (.msi installation flags for versions 11.0 and above):	Windows (.msi installation flags for legacy versions (up to 11.0):	macOS	Linux (installation flags):
Command for			macOS	Linux (installation flags):
Silent Installation	`msiexec /quiet /i Harmony_SASE_x.x.x.xxx.msi` To know the installation status after the silent installation, run: `start /wait msiexec /quiet /i “Harmony_SASE_x.x.x.xxx.msi"` `echo %errorlevel%`	`msiexec /quiet /i Perimeter81_x.x.x.xxx.msi` To know the installation status after the silent installation, run: `start /wait msiexec /quiet /i “Perimeter81_x.x.x.xxx.msi"` `echo %errorlevel%`	For version 11.0.10 and above: `$ sudo installer -pkg Harmony_SASE_x.x.x.xxx.pkg -target /` For legacy versions (up to 11.0.10): `$ sudo installer -pkg Perimeter81_x.x.x.xxx.pkg -target /` To change the agent permissions after the installation, run: `$ sudo chown -R $(stat -f%Su /dev/console) "/Applications/Perimeter 81.app"` `$ chmod -R u=rwx "/Applications/Perimeter 81.app"`
Pre-populating the tenant or workspace name	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"`	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"`	`$ sudo defaults write com.perimeter81d workspace workspace_name` To remove pre-populated workspace/tenant name, run: `$ sudo defaults delete com.perimeter81d workspace` This is supported only with agent version 8.0.4.116 and higher.	To pre-populae the workspace name, run: `/opt/Perimeter81/perimeter81 ctl set-prepopulate-tenant-id workspace_name` Replace "`workspace_name`" with your actual workspace
Pre-populating the data residency region	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet REGION="EU, US, AU, or IN"` For `REGION`: `"EU"` - Europe `"US"` - America `"AU"` - Australia `"IN"` - India	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet REGION="EU, US, AU, or IN"` For `REGION`: `"EU"` - Europe `"US"` - America `"AU"` - Australia `"IN"` - India	`$ sudo defaults write com.perimeter81d region "EU, US, AU, or IN"` For `REGION`: `"EU"` - Europe `"US"` - America `"AU"` - Australia `"IN"` - India
Pre-populating the tenant or workspace name and data residency region	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU, US, AU, or IN"` For `REGION`: `"EU"` - Europe `"US"` - America `"AU"` - Australia `"IN"` - India	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU, US, AU, or IN"` For `REGION`: `"EU"` - Europe `"US"` - America `"AU"` - Australia `"IN"` - India	To pre-populating the tenant or workspace name, run: `$ sudo defaults write com.perimeter81d workspace workspace_name` To pre-populating the data residency region, run: `$ sudo defaults write com.perimeter81d region "EU, US, AU, or IN"` For `REGION`: `"EU"` - Europe `"US"` - America `"AU"` - Australia `"IN"` - India
Transparent user registration using tenant installation token (applies for version 11.5 and above)	`msiexec /quiet /i "Harmony_SASE_XX.XX.XX.XXXX.msi" REGION="EU, US, AU, or IN" TENANT_TOKEN="Installation Token"`
Transparent user registration, using tenant installation and user installation (applies for version 11.3 and higher)			`$ sudo defaults write com.perimeter81d REGION "EU, US, AU, or IN"` `$ sudo defaults write com.perimeter81d TENANT_TOKEN "Installation Token"` `$ sudo defaults write com.perimeter81d EMAIL "User@email.com"`
Uninstallation	`msiexec /x "Harmony_SASE_x.x.x.xxx.msi"`	`msiexec /x "Perimeter81_x.x.x.xxx.msi"`	Run the uninstall script.

Jumpstart Your Journey

If you're just stepping into the world of Harmony SASE, our Getting Started Guide is the perfect starting point.

Support at Your Fingertips

Got questions or need help? Our support team is available round the clock. You can chat with us anytime on our website, or drop us an email at sase-support@checkpoint.com