CUT-5060: Password Manager Install for Managed Users Only

[gweinjc]

Issues

• CUT-5060 - Password Manager Install for Managed Users Only

What does this solve?

This pull request addresses the requested changes to only install the JumpCloud Password Manager for JumpCloud managed users. Previously the application would be installed if the user was managed or not.

Is there anything particularly tricky?

The Mac command has the biggest changes. The previous behavior was that it would install the JumpCloud Password Manager on all user accounts while the Windows command would only install on the current user. We also have to account for Mac device that do not have jq installed and revert to standard Bash to query the .json file.

I made some minor changes to the Windows command using Write-Output instead of Write-Error because it would a clog up the Command log by pasting the entire script to report the error; with Write-Output only the 'error' is returned.

How should this be tested?

• Create a JumpCloud Command for each of the following commands:
  • https://github.com/TheJumpCloud/support/blob/CUT-5060_PWMManagedUsers/PowerShell/JumpCloud%20Commands%20Gallery/Mac%20Commands/Mac%20-%20Install%20JumpCloud%20Password%20Manager%20App.md
  • https://github.com/TheJumpCloud/support/blob/CUT-5060_PWMManagedUsers/PowerShell/JumpCloud%20Commands%20Gallery/Windows%20Commands/Windows%20-%20Install%20JumpCloud%20Password%20Manager%20App.md

Mac Testing

1. Have a Mac VM enrolled in JumpCloud
2. Execute the Mac command - the command should iterate through all the managed users and install Password Manager on them
3. Sign into one of the managed users - validate that PWM is installed
4. Sign into an unmanaged user - validate that PWM is not installed

Windows Testing

1. Have a Windows VM enrolled in JumpCloud
2. Sign into a managed user
3. Execute the Windows command - the command should install JumpCloud Password Manager for that user
4. Sign out and sign into an unmanaged user
5. Execute the Windows command - the command should return an error stating that the current signed in user is not managed and exit 1

---

Note

Medium Risk
Medium risk because it changes install/update targeting logic based on managedUsers.json, which could prevent installs/updates if the managed-users file is missing, unreadable, or parsed incorrectly.

Overview
Password Manager install/update now targets managed users only.

On macOS, the command loads usernames from /opt/jc/managedUsers.json (using jq when available with a grep/sed fallback) and skips all local accounts not in that list for both version checks and app copy/install; it also exits early when no managed home directories are present on forced reinstall.

On Windows, the command now reads $env:ProgramFiles\JumpCloud\Plugins\Contrib\managedUsers.json and exits if the currently logged-in user is not managed, and it switches some failure paths from Write-Error to Write-Output to reduce noisy command logs. Command gallery entries were version-bumped (Mac v2.0.2, Windows v2.0.1) and updated in commands.json.

^{Written by Cursor Bugbot for commit 9580a7d. This will update automatically on new commits. Configure here.}