Category filter

Script to add secure token to users on macOS devices

As part of APFS encryption on macOS, Secure Token was implemented to carry out crucial cryptographic tasks. For instance, secure tokens are necessary for enabling FileVault disk encryption, executing kernel and system extensions (KEXTS) and mandating software upgrades. Users cannot execute any crucial actions on a macOS device if they do not have a secure token added to their account. However, the secure token is not automatically granted to accounts created via command-line tools and Active Directory Mobile Accounts. With Hexnode, IT admins can easily add the secure token to any user account using the Execute custom script action.

Scripting Language – Bash

File extension – .sh


The Sample Scripts provided below are adapted from third-party Open-Source sites.

Add Secure token

Execute the script below to add a secure token for a user account by passing the arguments in the following order to replace $1 $2 $3 $4: AdminAccountName AdminPassword UserPassword UserAccountName.

Once the script is executed successfully, you can view a similar output as the following from the Action History tab:

Script output of adding secure token to user in Hexnode portal


  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository