Provision a new MacBook for 858 Therapeutics according to the standard endpoint configuration, including management agents, identity integration, security tools, and end-user application setup.

• Target device: New MacBook (858 Therapeutics standard configuration)
• Management tools: ConnectWise ScreenConnect, N-able N-central, JumpCloud, SentinelOne, Dropbox
• macOS version: macOS 26 (or current supported release)
• Required access: LocalUser admin credentials, centrexIT password vault, ConnectWise Automate configurations, JumpCloud admin console, SentinelOne console
• On-site contact: Kim Russell (858 Therapeutics) — coordinate availability before drop-off
• Connect the Magic Mouse and Magic Keyboard to the new MacBook via Bluetooth before beginning setup
• Confirm with Kim Russell her availability for on-site drop-off — Kim generally expects you to connect the MacBook to 858 Wi-Fi and unbox the MacBook and its accessories to complete the workstation setup on-site

1. Perform initial macOS setup with LocalUser account. Power on the MacBook and proceed through the macOS Setup Assistant.

   1. Create the standard local administrator account:
      • Username: Localuser
      • Password: Retrieve from 1Password
   2. When prompted to sign in with an Apple Account (formerly Apple ID), select Set Up Later or Skip to proceed without linking an Apple Account.

   macOS 26 Note: The setup assistant refers to “Apple Account” rather than the legacy “Apple ID” or “iCloud account” terminology. Choose Set Up Later when prompted.

2. Install ConnectWise ScreenConnect (remote support). Download the ScreenConnect client installer for macOS from the centrexIT deployment link and run the installer package.

   1. During installation, a prompt appears requesting screen recording access. Click Open System Settings when prompted.
   2. Grant Accessibility permissions in System Settings > Privacy & Security > Accessibility — enable the toggle for both centrexIT Secure Remote Support Client and connectwisecontrol-... (the ScreenConnect agent). You may need to authenticate with the LocalUser password.
   3. Grant Screen Recording permissions in System Settings > Privacy & Security > Screen Recording — enable the toggle for both centrexIT Secure Remote Support Client and connectwisecontrol-.... If the connectwisecontrol entry appears with a warning indicator, toggle it on and restart the agent if necessary.
   4. Confirm the ConnectWise ScreenConnect installer shows “The installation was completed successfully” on the Summary screen and click Close.

   macOS 26 Note: macOS manages these permissions via toggle switches in System Settings > Privacy & Security (not checkboxes in the legacy “Security & Privacy” preference pane). There is no lock icon — macOS prompts for authentication automatically when you change a toggle.

3. Install N-able N-central agent. Download the N-able Mac Agent installer from the centrexIT deployment link and run the installer.

   1. When the Register Mac Agent screen appears, select Register the N-central Agent.
   2. Configure the registration:
      • Register by: Customer Name and ID
      • Customer ID: 416
      • Server URL: ncentral.centrexit.com
      • Protocol: HTTPS (checked)
      • Port: 443
   3. Click Register to complete agent registration.

4. Rename the MacBook. Open Terminal (press Cmd + Space, type Terminal, press Enter) and run the following commands, replacing {Username} with the user’s assigned username:

   sudo scutil --set HostName {Username}-MacBook-Pro.8five8tx.local
   sudo scutil --set LocalHostName {Username}-MacBook-Pro.local
   sudo scutil --set ComputerName {Username}-MacBook-Pro
   dscacheutil -flushcache

   Restart the Mac to apply the hostname changes.

   Naming convention: Follow the format {FirstName}-MacBook-Pro (for example, Kimberlys-MacBook-Pro).

5. Install JumpCloud agent. Download the JumpCloud agent package from ConnectWise Configuration > “JumpCloud Directory as a Service (DaaS AD)” (found under the Attachments tab).

   1. Run the jumpcloud-agent.pkg installer. When prompted, enter the LocalUser credentials.
   2. When prompted for the JumpCloud Connect Key, enter: 47f813059e8d0fbcbf01b9b403971fd522cdaa02
   3. When prompted to allow JumpCloud to manage FileVault, enter the LocalUser password and click Continue.
   4. Confirm the installer shows “The installation was completed successfully. Thank you for installing the JumpCloud agent.” and click Close.

6. Configure JumpCloud in the admin console.

   1. Add MacBook to device group: Log in to the JumpCloud Admin Console, navigate to Device Management > Device Groups, open the group “All MacOS Systems”, and add the newly provisioned MacBook.
   2. Associate user with the device: Navigate to Device Management > Devices, click on the new MacBook device, click the Users tab, find the end user, check the box next to their username, and click Save.

   Associating the user with the device in JumpCloud automatically creates the user account on the MacBook.

7. Install SentinelOne (endpoint protection). Download the SentinelOne agent package from ConnectWise Configuration > “APP - SentinelOne (Anti-Virus | EDM)” under the Attachments tab.

   1. Run the installer and click through the prompts.
   2. When prompted for the Activation Key, enter the key stored in the ConnectWise configuration for SentinelOne.
   3. If macOS blocks system software from “Sentinel Labs Inc.”, open System Settings > Privacy & Security, scroll down to the Security section, and click Allow. Authenticate with the LocalUser password if prompted.
   4. Grant additional privacy permissions (such as Full Disk Access) that SentinelOne requests via the macOS notification prompts.

   macOS 26 Note: Find the blocked extension approval in System Settings > Privacy & Security (scroll down in the pane). There is no separate “General” tab with a lock icon — macOS prompts for authentication automatically when you click Allow.

8. Log in as the end user. Log out of the Localuser account. At the macOS login screen, select the end user’s account (created automatically via JumpCloud in step 6) and log in using the user’s JumpCloud credentials.

9. Install Dropbox. While logged in as the end user, open a web browser, navigate to dropbox.com/install, download and install the Dropbox desktop application, and sign in to the user’s Dropbox account when prompted.

#	Check	Expected Result
1	LocalUser account created	Can log in with Localuser and password from vault
2	Apple Account bypassed	No Apple Account linked to the device during setup
3	ScreenConnect installed and permissions granted	ScreenConnect shows as online in ConnectWise; Accessibility and Screen Recording permissions enabled in System Settings
4	N-able N-central agent registered	Device appears in N-central under Customer ID 416
5	MacBook renamed correctly	hostname command in Terminal returns {Username}-MacBook-Pro
6	JumpCloud agent installed and connected	Device appears in JumpCloud console under Devices
7	Device added to “All MacOS Systems” group	Device listed in the JumpCloud Device Group
8	User associated with device in JumpCloud	User checkbox appears selected on the device’s Users tab
9	SentinelOne installed and active	SentinelOne agent shows as active/online in the SentinelOne console; kernel extension allowed
10	End user can log in	User can authenticate at macOS login screen with JumpCloud credentials
11	Dropbox installed and signed in	Dropbox icon appears in the menu bar and is syncing

Symptom	Cause	Resolution
ScreenConnect permissions not appearing in System Settings	Installer did not trigger permission request	Open System Settings > Privacy & Security manually and add the ScreenConnect entries for Accessibility and Screen Recording
N-central agent not registering	Incorrect Customer ID or server URL	Verify Customer ID is 416 and server URL is ncentral.centrexit.com with HTTPS on port 443
JumpCloud user account not created on MacBook	User not associated with device in JumpCloud	Open the device in JumpCloud Admin Console, click the Users tab, and confirm you enabled the checkbox for the user
MacBook hostname not updating after rename	DNS cache not flushed or restart not performed	Run dscacheutil -flushcache and restart the Mac
SentinelOne kernel extension blocked by macOS	macOS Gatekeeper blocked the extension on first load	Open System Settings > Privacy & Security, scroll to the Security section, and click Allow
End user unable to log in at macOS login screen	JumpCloud user-device association incomplete or sync pending	Confirm JumpCloud shows the user linked to the device and wait for the agent to sync (up to 5 minutes)

• 1Password — for retrieving LocalUser credentials
• ConnectWise Automate Configurations — source for JumpCloud agent, SentinelOne agent packages, and ScreenConnect deployment links
• JumpCloud Admin Console — for device group management, user-device association, and MDM policy configuration
• N-central Dashboard — ncentral.centrexit.com — for verifying N-able agent registration
• SentinelOne Console — for verifying endpoint protection status post-install
• 858 Therapeutics On-Site Contact — Kim Russell — coordinate for MacBook delivery and Wi-Fi setup