User Mapping on macOS with Kandji
This article provides instructions on how to map macOS users in Kandji with Cyberhaven using a custom MDM configuration profile. Cyberhaven uses the user’s email address as a unique identifier for mapping.
Before you begin, make sure that the devices where you want to deploy the MDM configuration profile are assigned to Device Users with a registered email address.
Deploy the MDM Profile
1. Copy the following MDM configuration profile into a text editor and save it as Cyberhaven-Kandji-UserMapping.mobileconfig.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadDisplayName</key>
            <string>Cyberhaven User Mapping</string>
            <key>PayloadIdentifier</key>
            <string>io.cyberhaven.lightbeam.66ECCE2B-09FA-4890-9A15-CF9C03803736</string>
            <key>PayloadType</key>
            <string>io.cyberhaven.lightbeam</string>
            <key>PayloadUUID</key>
            <string>66ECCE2B-09FA-4890-9A15-CF9C03803736</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>mdm_username</key>
            <string>$EMAIL</string>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Cyberhaven User Mapping Profile</string>
    <key>PayloadIdentifier</key>
    <string>com.kandji.profile.custom.deb6d422-7700-47cb-86ca-9624ce666b37</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>deb6d422-7700-47cb-86ca-9624ce666b37</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
2. In Kandji, create a new custom profile: navigate to Library and click Add new.
3. Select Custom Profile from the options and click on Add and Configure to begin configuring the profile.
4. Give the profile a name. For example, “Cyberhaven User Mapping Profile”.
5. Under Install on, select Mac.
6. Assign the profile to the blueprints to specify the devices where you want to deploy it.
7. Upload Cyberhaven-Kandji-UserMapping.mobileconfig to the profile.
Verify User Mapping
You can verify the user mapping by checking the .plist file on a device where the custom profile is deployed.
In a terminal window, run the following command to open and read the .plist file.
defaults read /Library/Managed\ Preferences/io.cyberhaven.lightbeam
The field mdm_username will now be included in the .plist file, along with the device user’s email address.
The following is an example of a .plist file that includes mdm_username.
{
    PayloadUUID = "deb6d422-7700-47cb-86ca-9624ce666b37";
    backend = {
        "dlp_url" = "https://test.cyberhaven.io";
        "installer_token" = "eyJhbGcviHRxNWOHzmOs6go_tw.....";
        url = "https://test.cyberhaven.io";
    };
    "mdm_username" = "clu@cyberhaven.eu";
    "use_system_extension" = 0;
    version = "2.0.5";
}
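The manual check above can be scripted for fleet-wide verification. The following is an added example, not Cyberhaven or Kandji code: it reads the same managed-preferences file that the defaults command reads and fails when mdm_username is missing, empty, still the literal $EMAIL placeholder, or not shaped like an email address. How Kandji fills the variable when the Device User has no email is not stated in this article, so handling the empty and unsubstituted cases is an assumption; the function names and the sample values are constructed for illustration.

```python
import plistlib
import re
import sys
from xml.parsers.expat import ExpatError

# File behind `defaults read /Library/Managed\ Preferences/io.cyberhaven.lightbeam`
MANAGED_PLIST = "/Library/Managed Preferences/io.cyberhaven.lightbeam.plist"
# Constructed sample of a correctly mapped device (not real data).
SAMPLE_PREFS = {"mdm_username": "user@example.com", "use_system_extension": 0}
# Simple shape check (local@domain.tld), not full RFC 5322 validation.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def check_mapping(prefs: dict) -> tuple[bool, str]:
    """Classify the mdm_username value found in the managed preferences."""
    value = prefs.get("mdm_username")
    if value is None:
        return False, "mdm_username missing: mapping payload not applied"
    if not isinstance(value, str) or not value.strip():
        return False, "mdm_username empty: does the Device User have an email?"
    value = value.strip()
    if value.startswith("$"):
        # Assumed failure mode: the profile variable arrived unsubstituted.
        return False, f"mdm_username is still the placeholder {value!r}"
    if not EMAIL_RE.fullmatch(value):
        return False, f"mdm_username {value!r} is not an email address"
    return True, value


def check_file(path: str = MANAGED_PLIST) -> tuple[bool, str]:
    """Load the deployed plist (XML or binary) and check the mapping."""
    try:
        with open(path, "rb") as fh:
            prefs = plistlib.load(fh)
    except FileNotFoundError:
        return False, f"{path} not found: profile not deployed"
    except (plistlib.InvalidFileException, ExpatError) as exc:
        return False, f"{path} is not a valid plist: {exc}"
    return check_mapping(prefs)


if __name__ == "__main__":
    ok, detail = check_file(sys.argv[1] if len(sys.argv) > 1 else MANAGED_PLIST)
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

The non-zero exit status on failure lets the script report unmapped devices when it is run across a fleet.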