Customize macOS Installation of Cisco Secure Client (2024)

Managed device manager (MDM) systems can customize the installation of the Cisco Secure Client (formerly AnyConnect) with various modules on macOS. The Cisco Secure Client has the option to install with pre-configured Secure Access profiles and to hide the display of modules in the Cisco Secure Client's graphical user interface (GUI). Modify the Cisco Secure Client deployment disk image (DMG) file to select the modules to install with the client.

This guide describes how to deploy the Cisco Secure Client with the VPN, Umbrella (Roaming Security that includes both the DNS-layer security and Web security), and DART (diagnostics) modules. The default installation of the Cisco Secure Client deploys the virtual private network (VPN) module.

The Cisco Secure Client requires an XML configuration to deploy modules from the command-line interface (CLI) or MDM. You can use a transform (ACTransforms.xml) to deploy Cisco Secure Client without the VPN module.

  • Requirements
  • Prerequisites
  • Procedure


  • macOS version 10.14.6 or newer
  • Cisco Secure Client 5.0 or newer
  • Administrative privileges on the macOS device
  • (Optional) macOS MDM permissions
  • Download the OrgInfo.json file from Secure Access. For more information, see Download the OrgInfo.json File.
  • Download the Cisco Secure Client Pre-Deployment Package (Mac OS) from


Choose the modules to install with the Cisco Secure Client on a macOS device.

Use Disk Utility or hdiutil to change the permissions on the DMG package from Read Only to Read/Write.

  1. Open a Terminal and set the DMG file to Read/Write.
hdiutil convert cisco-secure-client-macos-5.1.05040-predeploy-k9.dmg -format UDRW -o csc-writeable.dmghdiutil attach csc-writeable.dmg

Step 2 – Generate the Module Installation Configuration File

Generate the Cisco Secure Client module configuration file. The configuration file defines the modules to include with the installation of Cisco Secure Client.

  1. Open a Terminal and launch the DMG from /Volumes.
open /Volumes/Cisco\ Secure\ Client\ <version>
  1. Run installer providing the pkg option with the name of the Cisco Secure Client package and the showChoiceChangesXML option. Redirect the output to install_choices.xml to generate the installation configuration file.
installer -pkg /volumes/Cisco\ Secure\ Client\ <version>/Cisco\ Secure\ Client.pkg -showChoiceChangesXML > ~/Downloads/install_choices.xml 

Where is the current version number of Secure Client.

  1. Open a Terminal and launch the DMG from /Volumes/Profiles.
cd /Volumes/Cisco\ Secure\ Client\ <version>/Profiles/Umbrella/
  1. Drag the OrgInfo.json file that you downloaded from Secure Access to Volumes/Profiles.

Step 4 – (Optional) Hide the VPN Module

To hide the display of the Cisco Secure Client VPN module in the client GUI, modify ACTransforms.xml.

  1. Open a Terminal and launch the ACTransforms.xml file from /Volumes.
open -e /Volumes/Cisco\ Secure\ Client\ <version>/Profiles/ACTransforms.xml

Where is the current version number of Secure Client.

  1. Remove the XML comments around the Transforms element, and then save ACTransforms.xml.

Edit install_choices.xml created in Step 2 – Generate the Module Installation Configuration File. Either skip or install the Cisco Secure Client modules defined in the configuration file.

  • To skip a module, define the module with 0.
  • To install a module, define the module with 1.

Note: Modifying choice_vpn does not supersede the changes that you made to ACTransforms.xml. The VPN module is required, even if the module is not displayed in the client GUI.

  1. Open a Terminal and launch install_choices.xml.
  2. Define an integer XML element for each module and assign to 0 or 1, and then save install_choices.xml.
cd /Volumesopen -e ~/Downloads/install_choices.xml

Example – Customize Cisco Secure Client Modules

In the following example, the Core VPN, Umbrella, and DART modules are set to 1 and are included in the Cisco Secure Client installation.

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" ""><plist version="1.0"><array><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_anyconnect_vpn</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_anyconnect_vpn</string></dict><dict><key>attributeSetting</key><integer>1</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_anyconnect_vpn</string></dict><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_fireamp</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_fireamp</string></dict><dict><key>attributeSetting</key><integer>0</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_fireamp</string></dict><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_dart</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_dart</string></dict><dict><key>attributeSetting</key><integer>1</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_dart</string></dict><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_secure_firewall_posture</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_secure_firewall_posture</string></dict><dict><key>attributeSetting</key><integer>0</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_secure_firewall_posture</string></dict><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_iseposture</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_iseposture</string></dict><dict><key>attributeSetting</key><integer>0</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_iseposture</string></dict><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_nvm</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_nvm</string></dict><dict><key>attributeSetting</key><integer>0</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_nvm</string></dict><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_secure_umbrella</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_secure_umbrella</string></dict><dict><key>attributeSetting</key><integer>1</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_secure_umbrella</string></dict><dict><key>attributeSetting</key><true/><key>choiceAttribute</key><string>visible</string><key>choiceIdentifier</key><string>choice_thousandeyes</string></dict><dict><key>attributeSetting</key><false/><key>choiceAttribute</key><string>enabled</string><key>choiceIdentifier</key><string>choice_thousandeyes</string></dict><dict><key>attributeSetting</key><integer>0</integer><key>choiceAttribute</key><string>selected</string><key>choiceIdentifier</key><string>choice_thousandeyes</string></dict></array></plist>

Step 6 – Set Up the Correct Extension Permission Settings

  1. By default, macOS requires the user to accept the activation of a new System Extension. As a result, the user is presented with a popup. An MDM is required to approve the Cisco Secure Client system extension and disable the pop-up, using a management profile’s SystemExtensions payload. For more information on System Extensions payloads, see System Extensions.
  2. Follow the payload guidance in Cisco Secure Client Extension Approval using MDM to deploy the System Extension settings.

Install the Cisco Secure Client with the configured modules.

  1. Open a Terminal and mount the DMG from /Volumes.
cd /Volumesmount ~/Downloads/csc-writeable.dmghdiutil convert csc-writeable.dmg -format UDRO -o csc-readable.dmghdiutil detach /Volumes/Cisco\ Secure\ Client\ <version>/
  1. Run installer providing the pkg option with the name of the Cisco Secure Client package and the applyChoiceChangesXML option with install_choices.xml.
hdiutil attach ~/Downloads/csc-readable.dmgsudo installer -pkg Cisco\ Secure\ Client\ <version/Cisco\ Secure\ Client.pkg -applyChoiceChangesXML ~/Downloads/install_choices.xml -target /

Where is the current version number of Secure Client.

Customize Windows Installation of Cisco Secure Client < Customize macOS Installation of Cisco Secure Client > Manage Zero Trust Access on Cisco Secure Client

Updated about 1 month ago

Customize macOS Installation of Cisco Secure Client (2024)


Where is the Cisco AnyConnect configuration file on Mac? ›

Operating SystemLocation
Windows 8%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Windows 10/11%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
Mac OS X/opt/cisco/anyconnect/profile /opt/cisco/secureclient/vpn/profile
3 more rows
May 22, 2024

How to deploy Cisco Secure Client via Intune MacOS? ›

How to deploy Cisco Secure Client via Intune (MacOS)
  1. Introduction:
  2. Procedure.
  3. Crafting the Package (PKG):
  4. Uploading Your Newly Crafted Package (PKG):
  5. Configuring a Silent Install of System Extension:
  6. Configuring a Silent Install of Content Filter:
  7. Deploying the PKG to Devices:
  8. Checking the Status of Deployment:
Apr 19, 2024

How do I add a Cisco VPN to my Mac? ›

Install the VPN client
  1. Download the Cisco Secure Client installer for Mac.
  2. Double-click the InstallAnyConnect. ...
  3. When the Welcome window displays, click Continue.
  4. Select your hard drive as the destination where you want to install Cisco Secure Client and then click Continue.

How to uninstall Cisco AnyConnect Secure Mobility Client on Mac? ›

  1. From the Finder go to the Applications folder.
  2. Look for the Cisco folder and open it.
  3. Then double click on Uninstall Anyconnect to start the uninstall process.
  4. Follow instructions to uninstall the VPN program.

Where are VPN settings stored on a Mac? ›

View or modify a VPN configuration

On your Mac, choose Apple menu > System Settings, then click VPN in the sidebar. (You may need to scroll down.)

Where are Cisco device configuration files located? ›

Location of Configuration Files

The running configuration is stored in RAM. On all platforms except the Class A Flash file system platforms, the startup configuration is stored in nonvolatile random-access memory (NVRAM).

How to deploy any application to macOS device using Intune? ›

Select the app package file
  1. In the Add app pane, click Select app package file.
  2. In the App package file pane, select the browse button. Then, select an macOS installation file with the extension . pkg. The app details will be displayed.
  3. When you're finished, select OK on the App package file pane to add the app.
May 20, 2024

What is the team identifier for Cisco Secure Client? ›

Display Name: Cisco Secure Client - System Extensions. System Extension Types: Allow System Extension Types. Team Identifier: DE8Y96K9QP.

How to download cisco secure client? ›

To download the current version of Secure Client, click the download buttons.
  1. In the Download Profiles section: Download the orginfo. json file. The json file is used with the Internet Security module (also known as the Umbrella roaming module). ...
  2. Click Close.
  3. Distribute Secure Client on all end-user devices.

How do I setup a VPN client on my Mac? ›

On your Mac, choose Apple menu > System Settings, then click Network in the sidebar. (You may need to scroll down.) Click the Action pop-up menu on the right, choose Add VPN Configuration, then choose the type of VPN connection you want to set up. Enter a name for the new VPN service in the Display Name field.

How do I install open VPN client on Mac? ›

How do I install the Mac client?
  1. Download the DMG file.
  2. Open the file and double click the box icon to begin the installation.
  3. Give permissions to install on your Mac by entering your credentials when prompted.
  4. Click Close when you get the “installation was successful” message.

How to check Cisco AnyConnect version in Mac? ›

On Mac
  1. Click on the Cisco AnyConnect Secure Mobility Client menu.
  2. In the dropdown menu that appears, click About Cisco AnyConnect. Look for the version number under the application title. ​
Feb 29, 2024

Is Cisco Secure Client the same as AnyConnect? ›

Cisco Secure Client is an upgraded version of Cisco AnyConnect and offers enhanced features, security and performance.

How to disable Cisco AnyConnect Mac? ›

Disable the Cisco Anyconnect VPN Client for MacOSX Catalina
  1. sudo defaults write /Library/LaunchAgents/com. ...
  2. sudo plutil -replace RunAtLoad -bool NO /Library/LaunchAgents/com. ...
  3. The startup thing is prety annoying asking for connection at startup, or for a password, or a certificate, or so...

What is a Cisco AnyConnect secure mobility client? ›

Cisco AnyConnect Secure Mobility Client is a unified security endpoint software product that enables an enterprise to extend its access to support remote users across wired and wireless connectivity and also Virtual Private Network (VPN) connection.

Where is the location of SSH config file in Mac? ›

The default location of a user-specific config file is in ~/. ssh/config, whereas the system-wide configuration file for all users is in /etc/ssh/ssh_config. Both file locations should stay unchanged. A config file is a plain text file with various SSH connection options.

Where is Network configuration on Mac? ›

To open these settings, choose Apple menu > System Settings, then click Network in the sidebar.

Where is the Cisco AnyConnect log on a Mac? ›

Location of AnyConnect Log Files
  1. Windows—\Windows\Inf\ or \Windows\Inf\ ...
  2. macOS (10.12 and later)—the logging database; use Console app or log command to query logs for VPN, DART, or Umbrella.
  3. macOS (legacy file based log)—/var/log/system.log for all other modules.
Jun 29, 2015

How do I view config files on Mac? ›

You can manually locate your configuration file on a Mac by:
  1. From your Desktop, while holding the Alt/Option button, click on the Go menu. ...
  2. Once in the Library folder, click on the De Novo Software folder. ...
  3. Also, as another option to find this folder, click on the Go menu, then select Go To Folder.

Top Articles
Latest Posts
Article information

Author: Gov. Deandrea McKenzie

Last Updated:

Views: 6582

Rating: 4.6 / 5 (46 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Gov. Deandrea McKenzie

Birthday: 2001-01-17

Address: Suite 769 2454 Marsha Coves, Debbieton, MS 95002

Phone: +813077629322

Job: Real-Estate Executive

Hobby: Archery, Metal detecting, Kitesurfing, Genealogy, Kitesurfing, Calligraphy, Roller skating

Introduction: My name is Gov. Deandrea McKenzie, I am a spotless, clean, glamorous, sparkling, adventurous, nice, brainy person who loves writing and wants to share my knowledge and understanding with you.