
Enrolling macOS Devices with KyberGate Agent

Last updated on Apr 17, 2026

Deploy KyberGate on macOS devices using the KyberGate Agent app. Available on the Mac App Store, the agent provides system-wide web filtering, automatic proxy configuration, and certificate management for macOS laptops and desktops.

Before You Begin

  • macOS 13 (Ventura) or later
  • Administrator access on the Mac
  • Your organization's enrollment token (found in Settings → Devices → Add Device → macOS in your dashboard)
  • For MDM deployment: Jamf Pro, Mosyle, Kandji, or another macOS MDM

Installation Methods

Method 1: Mac App Store (Individual Devices)

  1. Open the App Store on the Mac
  2. Search for KyberGateAgent
  3. Click Get, then Install
  4. Open KyberGateAgent from Applications or Launchpad
  5. Enter your enrollment token when prompted
  6. Grant the requested permissions:
    • Network Extension: Required for proxy configuration
    • System Proxy: Required to route traffic through KyberGate
  7. Enter your Mac admin password to authorize system changes
  8. The agent connects and the device appears in your dashboard

Method 2: MDM Deployment (Fleet)

Jamf Pro:

  1. In Jamf, go to Computers → Configuration Profiles → New
  2. Add a Global HTTP Proxy payload with PAC URL from your dashboard
  3. Add a Certificate payload with the KyberGate root certificate
  4. Deploy KyberGateAgent via App Store Apps in Jamf
  5. Pass enrollment token via managed app configuration key enrollmentToken

Mosyle:

  1. In Mosyle, go to Management → Install Apps
  2. Add KyberGateAgent from the App Store
  3. Create a proxy profile with your PAC URL under Network
  4. Deploy certificate profile and push to your macOS device group

Kandji:

  1. Add a Custom App library item for KyberGateAgent
  2. Create a Network profile with PAC file URL
  3. Add a Certificate profile with the KyberGate root certificate
  4. Assign to your Mac blueprint

Method 3: MDM Auto-Enrollment

If the agent is deployed via MDM with managed app configuration, it can auto-enroll without user interaction:

  1. Set the enrollmentToken key in the MDM's managed app configuration
  2. The agent reads the token on first launch and enrolls automatically
  3. No manual token entry required — ideal for zero-touch deployment

What the Agent Does

  • Configures system proxy settings using your organization's PAC file
  • Installs and trusts the KyberGate root certificate in the System Keychain
  • Monitors web traffic and reports activity to your dashboard
  • Runs as a Launch Agent (starts on login)
  • Supports network extension for advanced traffic inspection

Verifying Installation

  1. Check the menu bar — the KyberGate icon should appear with a green dot
  2. Click the icon → Status to see connection info and last check-in time
  3. The device should appear in your dashboard under Devices within 2-5 minutes
  4. Visit a blocked site to confirm filtering is working

Tips

  • For large deployments, use MDM auto-enrollment — it's zero-touch
  • The agent persists across macOS updates
  • System Extension approval may require MDM pre-approval for silent installation

Troubleshooting

  • Network Extension permission denied: Go to System Settings → Privacy & Security → Network Extensions and enable KyberGateAgent
  • Certificate not trusted: Open Keychain Access → System → Certificates, find the KyberGate certificate, set trust to Always Trust
  • Agent not starting: Check System Settings → Login Items to ensure KyberGateAgent is listed
  • MDM profile conflicts: Ensure only one proxy configuration is active
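
A command-line counterpart to the PAC proxy setup and the "MDM profile conflicts" item above, added here as an example and not part of KyberGate's own tooling: it parses `scutil --proxy` output and flags a missing or unexpected PAC URL and any other proxy type enabled next to it. The PAC URL and the sample output are constructed placeholders, and treating static HTTP/HTTPS/SOCKS proxies and auto-discovery as conflicts is an assumption about what "only one proxy configuration" means.

```shell
#!/bin/sh
# Added example: audit the macOS proxy state reported by `scutil --proxy`.
# EXPECTED_PAC is a placeholder; substitute the PAC URL from your dashboard.
EXPECTED_PAC="${EXPECTED_PAC:-https://pac.example.invalid/proxy.pac}"

# check_proxy_state EXPECTED_URL   (reads `scutil --proxy` text on stdin)
# Prints one finding per line; returns 0 only when the expected PAC file is
# enabled and no other proxy type is switched on next to it.
check_proxy_state() {
    awk -v want="$1" '
        / : / {                           # lines look like "  Key : value"
            val = $0
            sub(/^[^:]*: /, "", val)      # drop "Key : ", keep the URL intact
            sub(/[ \t]+$/, "", val)
            kv[$1] = val
        }
        END {
            rc = 0
            if (kv["ProxyAutoConfigEnable"] != "1") {
                print "FAIL: PAC proxy is not enabled"; rc = 1
            } else if (kv["ProxyAutoConfigURLString"] != want) {
                print "FAIL: PAC URL is " kv["ProxyAutoConfigURLString"] ", expected " want; rc = 1
            } else {
                print "OK: PAC " want
            }
            n = split("HTTPEnable HTTPSEnable SOCKSEnable ProxyAutoDiscoveryEnable", other, " ")
            for (i = 1; i <= n; i++)
                if (kv[other[i]] == "1") {
                    print "FAIL: other proxy type enabled: " other[i]; rc = 1
                }
            exit rc
        }'
}

# Constructed sample (not captured from a real Mac): a PAC profile plus a
# leftover static HTTP proxy, i.e. two proxy configurations active at once.
constructed_sample() {
    printf '%s\n' '<dictionary> {' '  HTTPEnable : 1' '  HTTPPort : 8080' \
        '  HTTPProxy : 10.0.0.5' '  ProxyAutoConfigEnable : 1' \
        '  ProxyAutoConfigURLString : https://pac.example.invalid/proxy.pac' '}'
}

# On a Mac, audit the live settings; elsewhere, run against the sample.
if command -v scutil >/dev/null 2>&1; then
    scutil --proxy | check_proxy_state "$EXPECTED_PAC" || echo "proxy audit: review findings above"
else
    constructed_sample | check_proxy_state "$EXPECTED_PAC" || echo "proxy audit (constructed sample): review findings above"
fi
```

For fleet reporting, use the return status of `check_proxy_state` (for example from an MDM script or extension attribute) rather than the printed text.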
