JumpCloud Community

mvives · ‎03-21-2022

Hi,

Someone shared this script with me. I was told it was originally created by Scott Reid of JumpCloud.

You run it after JC Agent is installed.

It looks for the local logged in user
Finds the local username on JC
It assigns the JC user to the JC device in the JC Dashboard
It assigns the JC device to a pre-defined JC Device group

#!/bin/bash
## Populate below variable before running command
JCAPIKey='XXX'

## Admin Group for Admin user deployment
systemGroupID='XXX'

## ------ MODIFY BELOW THIS LINE AT YOUR OWN RISK --------------
## Get the logged-in user's username

username="$(/usr/bin/stat -f%Su /dev/console)"
echo "Current logged in user is "$username

# lookup currently logged in user's Full Name
## Values for $5-$7 are passed in from JAMF in the policy that this script is added to.
## So the Admin user is the first user that just deployed during enrollment

adminUser="$username"

## Get JumpCloud SystemID
conf="$(cat /opt/jc/jcagent.conf)"
regex='\"systemKey\":\"[a-zA-Z0-9]{24}\"'
if [[ $conf =~ $regex ]]; then
    systemKey="${BASH_REMATCH[@]}"
fi
regex='[a-zA-Z0-9]{24}'
if [[ $systemKey =~ $regex ]]; then
    systemID="${BASH_REMATCH[@]}"
    echo "JumpCloud systemID found SystemID: "$systemID
else
    echo "No systemID found"
    exit 1
fi

## Adds the JumpCloud system to the Workstations Group
groupAddition=$(
    curl -s \
        -X 'POST' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        -H 'x-api-key: '${JCAPIKey}'' \
        -d '{"op": "add","type": "system","id": "'${systemID}'"}' \
        "https://console.jumpcloud.com/api/v2/systemgroups/${systemGroupID}/members"
)
err=$?
if [[ ${err} -ne 0 ]]; then
    echo "Could not add system to system group id: ${systemGroupID} error=${err}"
    exit 1
    else echo "System added to system group id: ${systemGroupID}"
fi

## Get JumpCloud UserID
userSearch=$(
    curl -s \
        -X 'POST' \
        -d '{"filter":[{"username":"'${username}'"}],"fields" : "username activated email"}' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        -H 'x-api-key: '${JCAPIKey}'' \
        "https://console.jumpcloud.com/api/search/systemusers"
)
regex='[a-zA-Z0-9]{24}'
if [[ $userSearch =~ $regex ]]; then
    userID="${BASH_REMATCH[@]}"
    echo "JumpCloud userID for user "$username "found userID: "$userID
else
    echo "No JumpCloud user with username" "$username" "found."
    echo "Create a JumpCloud user with username:" "$username" "and try again."
    exit 1
fi

## Check user's current permissions
if groups ${username} | grep -q -w admin; then
    echo "User is an admin. User will be bound with admin permissions."
    admin='true'
else
    echo "User is not an admin. User will be bound with standard permissions"
    admin='false'
fi

## Checks if user is activated
regex='"activated":true'
if [[ $userSearch =~ $regex ]]; then
    activated="true"
    echo "JumpCloud account in active state for user: $username"
else
    activated="false"
    echo "JumpCloud account in pending state for user: $username"
fi
if [[ $activated == "true" ]]; then
    ## Capture current logFile
    logLinesRaw=$(wc -l /var/log/jcagent.log)
    logLines=$(echo $logLinesRaw | head -n1 | awk '{print $1;}')
    ## Bind JumpCloud user to JumpCloud system
    userBind=$(
        curl -s \
            -X 'POST' \
            -H 'Accept: application/json' \
            -H 'Content-Type: application/json' \
            -H 'x-api-key: '${JCAPIKey}'' \
            -d '{ "attributes": { "sudo": { "enabled": '${admin}',"withoutPassword": false}}    , "op": "add", "type": "user","id": "'${userID}'"}' \
            "https://console.jumpcloud.com/api/v2/systems/${systemID}/associations"
    )
    ## Checks and ensures user bound to system
    userBindCheck=$(
        curl -s \
            -X 'GET' \
            -H 'Accept: application/json' \
            -H 'Content-Type: application/json' \
            -H 'x-api-key: '${JCAPIKey}'' \
            "https://console.jumpcloud.com/api/v2/systems/${systemID}/associations?targets=user"
    )
    regex=''${userID}''
    if [[ $userBindCheck =~ $regex ]]; then
        userID="${BASH_REMATCH[@]}"
        echo "JumpCloud user "$username "bound to systemID: "$systemID
    else
        echo "error JumpCloud user not bound to system"
        exit 1
    fi

touch /var/log/JC-Added-Workstation-Device-Group.log

    ## Waits to see local account takeover
    updateLog=$(sed -n ''${logLines}',$p' /var/log/jcagent.log)
    accountTakeOverCheck=$(echo ${updateLog} | grep "User updates complete")
    logoutTimeoutCounter='0'
    while [[ -z "${accountTakeOverCheck}" ]]; do
        Sleep 6
        updateLog=$(sed -n ''${logLines}',$p' /var/log/jcagent.log)
        accountTakeOverCheck=$(echo ${updateLog} | grep "User updates complete")
        logoutTimeoutCounter=$((${logoutTimeoutCounter} + 1))
        if [[ ${logoutTimeoutCounter} -eq 10 ]]; then
            echo "Error during account takeover"
            echo "JCAgent.log: ${updateLog}"
            exit 1
        fi
    done
    echo "Account takeover occurred at" $(date +"%Y %m %d %H:%M")
else
    echo "Account not activated. Have user set a JumpCloud password to activate account and try again."
    exit 1
fi

exit 0

mvives · ‎03-21-2022

I worked through it and found the problem. I've updated the original post with the working script and sanitized it.

View solution in original post

Ben_Garrison · ‎03-21-2022

This is great.. I'll take a look. What is the error message?

mvives · ‎03-21-2022

I worked through it and found the problem. I've updated the original post with the working script and sanitized it.

JumpCloud Community

Script: Assign User to Device and Assign Device to Device Group