macOS Support & Elevated Sessions (Early Access Members)
Learn how to elevate your macOS user credentials to gain higher levels of access and functionality on your device in this informative session.
The macOS agent allows technicians to temporarily elevate a user's account permissions from standard to administrator on a macOS machine. This process is triggered by a request notification, which technicians can either approve or deny. Approved elevations last for a predetermined duration, enabling end-users to complete tasks requiring admin privileges without permanently granting them administrator status.
macOS Agent is in Early Access currently
Access to the macOS agent is currently limited to Early Access members who are testing it. If you want to join the Early Access program, please send a ticket to support@cyberfox.com with Early Access in the subject line and we can tell you about the program and how to sign up.
QuickStart Guide
We designed macOS Elevated Sessions to help partners get started quickly. Follow these steps to configure and deploy the agent into your macOS environments:
Enable macOS Support
- Navigate to the Settings screen in the Admin portal.
- Locate the "macOS Support" option in the Settings grid.
- Select Enable, then confirm the action.
Install the macOS agent
- Go to the General Info section at the top of the Settings screen.
- Click Mac Agent Installer and download the PKG.
- The PKG can also be downloaded from the Locations “Installer Information” dialog.
- Use the PKG or command to install the agent on macOS devices where you wish to enable request handling.
- The agent, which Apple terms a “Launch Daemon”, can be installed with the license key, company name, and location name entered through the UI.
- macOS devices will appear on the Computers grid alongside other computers. A new “Platform” icon will be visible.
- Most actions do not apply to macOS devices currently.
Scripted SUDO Command Installation
We recommend using the SUDO command installation, which can be found under Companies > View (eye icon next to the selected company) > View installer information (papers icon next to the selected location) > For Mac installation > COPY COMMAND.
End-User Instructions
End-users (who are local Standard users) can request temporary admin privileges by following these steps:
- Click the icon in the menu bar at the top of the desktop.
- Click the Request Elevation Session option.
- Enter an explanation for the elevation session request.
- Click SEND REQUEST. You can close the dialog box after submission.
If the request is Approved, the following alert will appear on the end-user's screen:
NOTE: Currently, no alert is sent back to the end-user if a request has been denied.
When the Elevated Session ends (or if the session is cancelled by the end-user or admin), the following alert will appear:
Technician Instructions
Technicians can quickly and efficiently respond to requests via the Admin portal:
- When a pending request is received, open the Requests grid and click the eye icon to review the request in detail. Elevated Session Requests appear with a “Request Type” field of Session.
- To approve the request:
  - Click Approve.
  - Specify the duration of admin privileges (in increments of 5 minutes).
- To deny the request:
  - Click Deny.
To view current Elevated Sessions or to cancel an existing session:
- Navigate to the computer on the Computers grid.
- Click the eye icon to view the Computer details.
- Select an Elevated Session from the grid.
- Click the Cancel action from the Actions menu.
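Until Elevated Session activity logs are available, a technician can confirm on the device itself that admin rights were removed once a session ended or was cancelled. The script below is an added example, not CyberFOX's own tooling: it compares direct membership of the local admin group against a baseline, and the baseline accounts (root, itadmin) and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag local admin-group members that are not on an expected
# baseline, e.g. after an Elevated Session has ended or been cancelled.
# Checks direct membership only; admins granted through nested groups are not
# listed by this dscl attribute.

# Strip the attribute name from the output of
#   dscl . -read /Groups/admin GroupMembership
# ("GroupMembership: root alice bob"), leaving the space-separated usernames.
parse_admin_members() {
    printf '%s\n' "$1" | sed -n 's/^GroupMembership:[[:space:]]*//p'
}

# Print every admin-group member that is not in the baseline
# (a space-separated list of the accounts that should always be admins).
unexpected_admins() {
    dscl_output=$1
    baseline=$2
    result=""
    for user in $(parse_admin_members "$dscl_output"); do
        case " $baseline " in
            *" $user "*) ;;                           # expected permanent admin
            *) result="${result:+$result }$user" ;;   # still elevated
        esac
    done
    printf '%s' "$result"
}

# Constructed sample: "jdoe" is a standard user who still holds admin rights.
SAMPLE_OUTPUT="GroupMembership: root itadmin jdoe"
BASELINE="root itadmin"    # assumption: this site's permanent admin accounts

if command -v dscl >/dev/null 2>&1; then
    current=$(dscl . -read /Groups/admin GroupMembership)
else
    current=$SAMPLE_OUTPUT  # not on macOS: use the constructed sample
fi

extra=$(unexpected_admins "$current" "$BASELINE")
if [ -n "$extra" ]; then
    echo "Unexpected admin accounts: $extra"
else
    echo "Admin group matches baseline"
fi
```

Run it once before approving a request and again after the session's duration has passed; any account reported the second time still has administrator rights.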
Role Permissions
Below are the current permissions available with macOS Elevated Sessions:
- Administrator: Requests View/Edit (Approve/Deny)
- Downstream Admin: Requests View/Edit (Approve/Deny)
- Read Only: Requests View only
- Technician (Level 3): Requests View/Edit (Approve/Deny)
- Technician (Level 2): Requests View/Edit (Approve/Deny)
- Technician (Level 1): Requests View only
Current Features
The following features are currently available:
- Pending request handling
- Approve or deny requests
- End-user notifications upon Approval
- Request explanation field
- Notifications (Admin Portal & Mobile App)
- Mobile App support
Features In Progress
Coming soon in Early Access:
- Move, Delete, Update Computer action menu item support
- Ticketing system integrations
- Request security checks
- Elevated Session activity logs
- Remove Admin Privileges
Important Notes
- Powered by Addigy: The macOS agent is powered by Addigy. An existing Addigy account is not required.
- Existing Addigy Partners: We do not currently support integrating with existing Addigy partners. (coming soon)
Uninstallation
- You must be an Admin. Run the following command:
sudo "/Library/Application Support/CyberFOX/AutoElevate/uninstall"
Troubleshooting
- Stopping the Agent Manually:
sudo launchctl bootout system "/Library/LaunchDaemons/com.cyberfox.AutoElevate.plist"
- Starting the Agent Manually:
sudo launchctl bootstrap system "/Library/LaunchDaemons/com.cyberfox.AutoElevate.plist"
- Wrong Credentials: The daemon will not authenticate with the API and will remain running but inactive. Re-run the installer with the correct credentials.
- Enabling Diagnostic Logs: Create a file elsewhere and move it into the AutoElevate folder:
echo "ENABLE_DIAGNOSTIC_LOGS=true" > "/Users/$(whoami)/Desktop/debug.conf" && sudo mv "/Users/$(whoami)/Desktop/debug.conf" "/Library/Application Support/CyberFOX/AutoElevate"
- User info could not be sent: After logging in, some users might experience a brief delay before being able to make a request. This is because it takes about a minute for the agent to update the servers with the current user information. We are aware of this issue and are working on a fix that will be included in a future update.
