Skip to main content

Assigning Devices to Deployment Groups During Sensor Installation

Cyberhaven enables you to manage your devices by organizing them into deployment groups. Deployment groups represent organizational units such as departments, locations, or functions.

During sensor installation, you can automatically assign each device to a specific deployment group by using a JSON-based mapping schema.

You can define the schema in your MDM solution and specify the deployment group IDs for mapping devices during sensor installation in the initial_deployment_group_id field.

Mapping Devices to Deployment Groups (Jamf Pro Example)

To automatically assign macOS devices to Cyberhaven deployment groups during sensor installation, you must define a mapping using your MDM solution. This involves configuring a custom variable initial_deployment_group_id and associating it with your device inventory.

Step 1: Copy Deployment Group IDs

  1. Navigate to the Deployment Group Settings on the Endpoint Sensors page in the Cyberhaven Console.

  2. Copy the deployment group IDs and save them to a notepad.

Step 2: Create an Extension Attribute in Jamf

  1. Log in to Jamf Pro and navigate to Settings > Computer management.

  2. Click on Extension attributes and then click New.

  3. Name the attribute exactly, initial_deployment_group_id.

  4. Choose an Input Type. In this example screenshot, we’ve chosen a pop-up menu and entered the deployment IDs copied earlier as options.

  5. Note of the extension attribute number from the URL for example, “3”.

  6. Click Save.

Step 3: Create a Custom MDM Profile

  1. Go to Computers > Configuration Profiles. Click New.

  2. Provide a name to identify this profile and adjust the scope of the deployment.

  3. On the left navigation pane of the New Configuration Profile page, click Application & Custom Settings > External Applications.

  4. Click Add to add Cyberhaven as an external application and select Custom Schema as the source.

  5. In the Preference Domain field, enter io.cyberhaven.lightbeam.

  6. Click Add Schema and add the following JSON schema.

    {
      "title": "Cyberhaven Device Mapping",
      "description": "Cyberhaven deployment group mapping",
      "type": "object",
      "properties": {
        "initial_deployment_group_id": {
          "type": "string",
          "title": "Initial Deployment Group ID",
          "description": "Cyberhaven deployment group ID for device assignment"
        }
      },
      "required": [
        "initial_deployment_group_id"
      ]
    }

  7. Under Preference Domain Properties section , for Initial Deployment Group ID, enter the extension attribute using the format $EXTENSIONATTRIBUTE_3. Replace “3” with the actual attribute number from Step 2.

  8. Click Save.

Step 4: Assign the Attribute to Devices

  1. Go to Computers > Inventory.

  2. Assign the initial_deployment_group_id attribute to individual devices or device groups. You can also use Smart Groups to dynamically assign values.

  3. Click Save.

Step 5: Verify the Assignment

After deployment, verify that the deployment group ID has been applied. Run:

% defaults read /Library/Managed\ Preferences/io.cyberhaven.lightbeam.plist

Look for the initial_deployment_group_id key and confirm the correct value is present.

After this configuration is complete, Cyberhaven sensors installed via MDM will automatically map devices to their designated deployment groups based on the assigned attribute in the Preference Domain.

Last updated on