Deploying the Harmony SASE Agent

You can deploy the Harmony SASE Agent manually or using a Mobile Device Management (MDM) provider.

Deploying the Agent Manually

To deploy the agent manually:

Invite Members

The system sends an email to members with a link to accept the invite and download the Harmony SASE Agent. The invitation is valid for 30 days. If the invitation expires, you must resend the invitation.
Download the agent and distribute it manually, for example, through email.
Copy the agent download link and share it manually, for example, through email.

Deploying the Agent Using an MDM Application

You can deploy the agent using any of these popular Mobile Device Management (MDM) applications:

Cisco Meraki
JAMF Cloud
ManageEngine
Microsoft Intune
Microsoft System Center Configuration Manager (SCCM)
MobileIron
VMWare AirWatch

Transparent Internet Access Installation

Note - Applies to Harmony SASE Agent version 11.5 and higher.

The Transparent Internet Access enforces internet security immediately upon agent installation, without requiring any end-user interaction.

The remote installation process bypasses both device and member registration while ensuring that users receive the latest security policies, even if they have not signed in to the agent.

You can generate a unique installation key from the platform download page. This key is visible only to Admin users. Once generated, the key validity cannot be modified.

Note - Private Access remains restricted until the user authenticates and registers on the platform.

Seamless Internet Access installation requires sending a combination of three command line parameters during the agent installation process:

REGION
INSTALLATION_KEY
USER_EMAIL

Common Commands

Operating System	Windows (.msi installation flags for versions 11.0 and above):	Windows (.msi installation flags for legacy versions (up to 11.0):	macOS	Linux (installation flags):
Command for			macOS	Linux (installation flags):
Silent Installation	`msiexec /quiet /i Harmony_SASE_x.x.x.xxx.msi` To know the installation status after the silent installation, run: `start /wait msiexec /quiet /i “Harmony_SASE_x.x.x.xxx.msi"` `echo %errorlevel%`	`msiexec /quiet /i Perimeter81_x.x.x.xxx.msi` To know the installation status after the silent installation, run: `start /wait msiexec /quiet /i “Perimeter81_x.x.x.xxx.msi"` `echo %errorlevel%`	For version 11.0.10 and above: `$ sudo installer -pkg Harmony_SASE_x.x.x.xxx.pkg -target /` For legacy versions (up to 11.0.10): `$ sudo installer -pkg Perimeter81_x.x.x.xxx.pkg -target /` To change the agent permissions after the installation, run: `$ sudo chown -R $(stat -f%Su /dev/console) "/Applications/Perimeter 81.app"` `$ chmod -R u=rwx "/Applications/Perimeter 81.app"`
Pre-populating the tenant or workspace name	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"`	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"`	`$ sudo defaults write com.perimeter81d workspace workspace_name` To remove pre-populated workspace/tenant name, run: `$ sudo defaults delete com.perimeter81d workspace` This is supported only with agent version 8.0.4.116 and higher.	To pre-populae the workspace name, run: `/opt/Perimeter81/perimeter81 ctl set-prepopulate-tenant-id workspace_name` Replace "`workspace_name`" with your actual workspace
Pre-populating the data residency region	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	`$ sudo defaults write com.perimeter81d region "EU or US"` For `region`, add `"EU"` for Europe and `"US"` for America.
Pre-populating the tenant or workspace name and data residency region	`msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	`msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"` For `REGION`, add `"EU"` for Europe and `"US"` for America.	To pre-populating the tenant or workspace name, run: `$ sudo defaults write com.perimeter81d workspace workspace_name` To pre-populating the data residency region, run: `$ sudo defaults write com.perimeter81d region "EU or US"` For `region`, add `"EU"` for Europe and `"US"` for America.
Transparent user registration, using tenant installation and user installation (applies for version 11.5 and above)	`msiexec /quiet /i "Harmony_SASE_XX.XX.XX.XXXX.msi" REGION="EU or US" TENANT_TOKEN="Installation Token" EMAIL="User@email.com"`
Transparent user registration, using tenant installation and user installation (applies for version 11.3 and higher)			`$ sudo defaults write com.perimeter81d REGION "EU or US" TENANT_TOKEN "Installation Token" EMAIL "User@email.com"`
Uninstallation	`msiexec /x "Harmony_SASE_x.x.x.xxx.msi"`	`msiexec /x "Perimeter81_x.x.x.xxx.msi"`	Run the uninstall script.