Ctrlk
PricingInstall StepSecurity AppLogin

Iru (formerly Kandji)

This guide walks through deploying Dev Machine Guard across your macOS fleet using Iru (formerly Kandji). The deployment uses Iru's Custom Script library item to run the loader on a daily schedule, after a short pilot run at higher frequency.

The loader script shown in the StepSecurity dashboard is rendered with your tenant's credentials already embedded and should work as-is. If you need to customize the script (alternative install directory, proxy, etc.), reach out to StepSecurity.

Prerequisites

  • An Iru tenant with administrative access to Library and Blueprints.

  • A Blueprint scoped to the devices you want to enroll in the pilot, and a second Blueprint covering your full fleet for rollout.

  • The Dev Machine Guard loader script for your tenant, downloaded from the StepSecurity dashboard (Step 1 below).

Step 1. Copy the loader script

  • Sign in to the StepSecurity dashboard.

  • In the sidebar, go to Developer Machines → Installation Script.

  • On the macOS tab, click the Copy button at the top right of the script editor. (You can alternatively click Download to save the script as a file.)

Step 2. Create a Custom Script in Iru

  • In Iru, open Library from the left sidebar.

  • Click Add Library Item.

  • In the General category, select Custom Script and click Add and configure.

Step 3. Configure the script

  • Give the script a descriptive name, for example StepSecurity Dev Machine Guard.

  • Under Blueprints, select the Blueprint that targets your pilot devices.

  • Under execution frequency, select Every 15 Minutes. You will change this to Run daily after pilot validation in Step 6.

  • Leave Self Service disabled.

Step 4. Paste the loader script

  • Scroll to the Audit Script section.

  • Paste the loader script you copied in Step 1 into the editor.

  • Leave the Remediation Script field empty.

  • Click Save at the bottom right.

Step 5. Validate on the pilot group

The 15-minute frequency set in Step 3 means each pilot device will run the loader automatically within 15 minutes of receiving the Blueprint. No action is needed on the client devices.

After 15 to 30 minutes, confirm on each pilot device:

  • The library item status in Iru shows the script ran successfully.

  • The device appears in the StepSecurity dashboard under Developer Machines → Devices with recent telemetry.

Step 6. Roll out to the fleet

Once validation passes, update the Custom Script in Iru:

  • Under Blueprints, change the assignment from your pilot Blueprint to the Blueprint covering your full fleet.

  • Change execution frequency from Every 15 Minutes to Run daily.

  • Click Save.

Uninstalling

To stop Dev Machine Guard from running on enrolled devices, either:

  • Remove the Custom Script library item from the Blueprint, or

  • Remove the device from the Blueprint.

Iru will stop scheduling further loader runs immediately. Any locally installed Dev Machine Guard binary will remain on the device until cleaned up out-of-band; see Devices for guidance.

Troubleshooting

Symptom
Where to look

Iru reports the library item as failed

Iru → Library → the Custom Script item → run history and per-device logs

Iru shows the script as successful but no device data

Confirm the script pasted in Step 4 is the full loader, including the embedded configuration

Devices missing from the StepSecurity dashboard

Confirm the pilot Blueprint covers the expected devices in Iru

For additional support, contact StepSecurity.

PreviousmacOSNextAdmin Console

Last updated

Was this helpful?