
🔑 Full disk access

Manually

System extensions require Full Disk Access (FDA) for both the macOS application and the extension. When the extension is loaded for the first time, macOS prompts you to approve it manually.

  • To confirm loading the extension, go to System Settings > Privacy & Security pane, scroll down to the Security section and click allow to.
  • To enable FDA for logga, go to System Settings > Privacy & Security > Full Disk Access, then enable logga and Logga Extension (or daemon, in case you are using logga-daemon).

good to know

Enabling FDA may restart the application.

The Full Disk Access panel should look like this after FDA was enabled.

Approving Full Disk Access manually

With MDM

If your organization utilizes MDM, you can benefit from a "hands-free" (without physical access to the macOS machine) setup experience. The next sections will showcase valid MDM policies that you can deploy with tools like Jamf, Kandji, etc.

Relevant Apple documentation:

Approve logga system extension automatically

Please note

A payload with system scope can only be deployed by an MDM server. Users won't be able to install the configuration profile as a mobileconfig file. The authoritative organization will need to push it using an MDM server.

xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<dict>
	<key>PayloadUUID</key>
	<string>56815aec-fd14-4fe8-84c9-b2977e7b269c</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadOrganization</key>
	<string></string>
	<key>PayloadIdentifier</key>
	<string>com.logga.client.extension-policy.56815aec-fd14-4fe8-84c9-b2977e7b269c</string>
	<key>PayloadDisplayName</key>
	<string>System Extensions</string>
	<key>PayloadDescription</key>
	<string>Configures macOS to automatically enable logga's EndpointSecurityExtension</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
	<key>PayloadEnabled</key>
	<true/>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadUUID</key>
			<string>ef1157d5-dc28-4f49-a119-123382e77e1b</string>
			<key>PayloadType</key>
			<string>com.apple.system-extension-policy</string>
			<key>PayloadOrganization</key>
			<string>logga</string>
			<key>PayloadIdentifier</key>
			<string>com.logga.client.extension-policy.ef1157d5-dc28-4f49-a119-123382e77e1b</string>
			<key>PayloadDisplayName</key>
			<string>logga System Extension</string>
			<key>PayloadDescription</key>
			<string/>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>PayloadEnabled</key>
			<true/>
			<key>AllowUserOverrides</key>
			<true/>
			<key>AllowedTeamIdentifiers</key>
			<array>
				<string>TU5C5A99Z3</string>
			</array>
			<key>AllowedSystemExtensionTypes</key>
			<dict>
				<key>TU5C5A99Z3</key>
				<array>
					<string>EndpointSecurityExtension</string>
				</array>
			</dict>
		</dict>
	</array>
</dict>
</plist>

Enable FDA automatically

To automatically enable FDA for logga, logga daemon and the extension itself, you may use the following profile.

xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string>Configures Privacy Preferences Policy Control settings</string>
			<key>PayloadDisplayName</key>
			<string>Privacy Preferences Policy Control</string>
			<key>PayloadIdentifier</key>
			<string>com.logga.client.extension.47d924f3-94fd-48a6-a065-ad2674faa085.com.apple.TCC.configuration-profile-policy.d4400d86-3aa1-439e-b601-05eb65feba1d</string>
			<key>PayloadOrganization</key>
			<string></string>
			<key>PayloadType</key>
			<string>com.apple.TCC.configuration-profile-policy</string>
			<key>PayloadUUID</key>
			<string>d4400d86-3aa1-439e-b601-05eb65feba1d</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>
				<array>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.logga.client.extension"</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.logga.client.extension</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.logga.client"</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.logga.client</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.logga.client.daemon"</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.logga.client.daemon</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
				</array>
				<key>SystemPolicySysAdminFiles</key>
				<array>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.logga.client.extension"</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.logga.client.extension</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.logga.client"</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.logga.client</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>anchor apple generic and identifier "com.logga.client.daemon"</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.logga.client.daemon</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
				</array>
			</dict>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Grant Full Disk Access to the logga applications</string>
	<key>PayloadDisplayName</key>
	<string>logga FDA</string>
	<key>PayloadIdentifier</key>
	<string>com.logga.client.extension.47d924f3-94fd-48a6-a065-ad2674faa085</string>
	<key>PayloadOrganization</key>
	<string>logga</string>
	<key>PayloadRemovalDisallowed</key>
	<true/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>47d924f3-94fd-48a6-a065-ad2674faa085</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>
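
The `CodeRequirement` strings in the profile above match on `anchor apple generic` plus an identifier and do not name a signing team. The audit below is an added example, not logga's own tooling: it parses a PPPC profile with Python's `plistlib` and flags entries whose requirement has no `certificate leaf[subject.OU]` team pin or whose identifier disagrees with `Identifier`. The sample profile, the `audit_pppc` function and the team ID `TEAMID1234` are constructed for illustration.

```python
import plistlib
import re

# Constructed sample: the first entry has the shape used in the profile above,
# the second adds a team pin. TEAMID1234 is a placeholder, not a real team ID.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
<key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
<key>Services</key><dict><key>SystemPolicyAllFiles</key><array>
<dict><key>Allowed</key><true/>
<key>CodeRequirement</key><string>anchor apple generic and identifier "com.logga.client"</string>
<key>Identifier</key><string>com.logga.client</string>
<key>IdentifierType</key><string>bundleID</string></dict>
<dict><key>Allowed</key><true/>
<key>CodeRequirement</key><string>anchor apple generic and identifier "com.logga.client.daemon" and certificate leaf[subject.OU] = "TEAMID1234"</string>
<key>Identifier</key><string>com.logga.client.daemon</string>
<key>IdentifierType</key><string>bundleID</string></dict>
</array></dict></dict></array></dict></plist>"""

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"
IDENT_RE = re.compile(r'identifier\s+"([^"]+)"')
TEAM_RE = re.compile(r'certificate\s+leaf\s*\[subject\.OU\]\s*=\s*"?([A-Z0-9]{10})"?')

def audit_pppc(profile_bytes, expected_team=None):
    """Return (service, identifier, finding) tuples for every TCC entry with an issue."""
    findings = []
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_TYPE:
            continue  # only Privacy Preferences Policy Control payloads
        for service, entries in payload.get("Services", {}).items():
            for entry in entries:
                ident = entry.get("Identifier", "")
                req = entry.get("CodeRequirement", "")
                named = IDENT_RE.search(req)
                if not named or named.group(1) != ident:
                    findings.append((service, ident, "identifier-mismatch"))
                team = TEAM_RE.search(req)
                if not team:
                    findings.append((service, ident, "no-team-pin"))
                elif expected_team and team.group(1) != expected_team:
                    findings.append((service, ident, "unexpected-team"))
    return findings

if __name__ == "__main__":
    for finding in audit_pppc(SAMPLE_PROFILE):
        print(*finding, sep="\t")
```

On a Mac with the software installed, `codesign -d -r- <path to the app>` prints the designated requirement, which can be compared against the `CodeRequirement` string before the profile is pushed.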

Configure logga with MDM Configuration Profile

See the relevant part in the configuration section.