> ## Documentation Index
> Fetch the complete documentation index at: https://docs.truu.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# ADE Tracker

> TruU provides an authorization plugin that parses various system logs and tries to deduce the end user’s ADE state. This tool is first installation step during the ADE configuration process, preparing the machine to load BEFORE the built-in login screen (as no enrollment has otherwise occurred at this point, the user has no account to log into → the tracker holds the user until MA is fully installed before enrollment).

TruU's ADE Tracker has 4 stages:

1. The machine waits for the MA installer to be deployed
2. The installer is downloaded
3. The MA is installed
4. Once the MA installation is done, the tracker "hides" and MA’s login/enrollment window is shown.

## Step One

Initially, the ADE trackers displaying messaging saying that the machine is preparing to download/is in the process of downloading the TruU Mac Authenticator:

<img src="https://mintcdn.com/truu-2/rjjBxA7Z_Wk_-34G/images/docs/e130792c227e9eef86b9f92dfca7b9c30f7516a059f431baa133b839c69ba0dc-image.png?fit=max&auto=format&n=rjjBxA7Z_Wk_-34G&q=85&s=d9ffbb1e5609e9959d137b761ef49215" alt="" width="1516" height="849" data-path="images/docs/e130792c227e9eef86b9f92dfca7b9c30f7516a059f431baa133b839c69ba0dc-image.png" />

<img src="https://mintcdn.com/truu-2/L38yxuvvUa8uAW5I/images/docs/11ec940f8797c7e64a69ab2df80947eb37482a627d566663508da0bc013d59a0-image.png?fit=max&auto=format&n=L38yxuvvUa8uAW5I&q=85&s=f16bc302c7a0a8f7d6d1071979c186f4" alt="" width="1511" height="843" data-path="images/docs/11ec940f8797c7e64a69ab2df80947eb37482a627d566663508da0bc013d59a0-image.png" />

## Step Two

While the ADE tracker is running, it is checking several locations to determine the Mac Authenticator's download progress:

* JAFM logs (/var/log/jamf.log)
* Installer logs (/var/log/install.log)
* System logs

## Step Three

Once TruU's ADE Tracker recognizes an installation/download in any of the log files, it proceeds to the third stage with the following screen:

<img src="https://mintcdn.com/truu-2/L38yxuvvUa8uAW5I/images/docs/13a0b190c51c37391664ceec43a733c9cdeecf1106a71ffa2a628193189c28c2-image.png?fit=max&auto=format&n=L38yxuvvUa8uAW5I&q=85&s=cc0b3edfd93355ad90cca45ffe51ff48" alt="" width="946" height="528" data-path="images/docs/13a0b190c51c37391664ceec43a733c9cdeecf1106a71ffa2a628193189c28c2-image.png" />

## Step Four

When the Mac Authenticator is fully installed, the tracker closes its window and continues to MA screen. This is checked purely by the presence of our main authorization plugin at\_ /Library/Security/SecurityAgents\_ and is not dependent on any log file.

## Troubleshooting

* The ADE Tracker never disappears
  * It only disappears once our main authentication plugin has completed installation

* If the user sees the built-in login screen asking for their username and password:

  * Either the tracker was not correctly deployed to the system during ADE,
  * or MA’s authentication plugin was already installed. resulting in the ADE tracker stopping,
  * or MA’s authentication plugin is disabled by config.

## Uninstallation / Recovery

* The installation of the tracker goes on as follows:

  * Tracker’s authorization mechanism is added to */var/db/auth.db* so it is invoked during login
  * Tracker’s authorization plugin is copied to\_ /Library/Security/SecurityPlugins/ADETracker.bundle\_
    * **NOTE**: Removing any of those will result in the tracker not being loaded on the next login. The same can be done via ssh with the *pkill loginwindow* command as an alternative to the restart.

## Versioning

* The tracker shares some code with MA so it is good to keep their versions synced.

## Distribution

* The tracker is distributed inside a DMG file, together with MA. Just double-click the **DMG file** and run/upload a PKG file from the mounted volume like before.

***

[MacOS Resetting a user's password](/docs/masos-resetting-users-password)

[MacOS Log Collection after PIN Lockout](/docs/masos-log-collection-after-pin-lockout)