Deploying Coro with JumpCloud

This guide describes how to deploy the Coro Agent to your macOS endpoint devices through JumpCloud.

Important

JumpCloud does not support dynamic links and requires a non-changing, static URL to deploy applications using their Software Management feature. This is a known limitation - to learn more, see: https://jumpcloud.com/support/software-management-macos.

Coro recommends deploying the Agent in one of the following ways:

To deploy the Coro Agent via JumpCloud, complete the following processes:

  1. Download the Coro Agent installer .
  2. Configure JumpCloud policies .

Prerequisites

Make sure you have the following prerequisites:

  • Admin access to an active JumpCloud environment, configured to allow package and configuration deployment to your devices.
  • Coro Agent installer (.pkg) file.

Downloading the Coro Agent installer

To download the Coro Agent installer package:

  1. Sign in to the Coro console .
  2. From the sidebar, select Control Panel to access the Control Panel .
  3. Select Devices :

    Devices button

  4. Select Agent Deployment :

    Agent Deployment tab

  5. Select ACTIONS > Download adjacent to the macOS Agent version you want to install:

    Download link

    Coro downloads the Agent installer to your device, ready for hosting in cloud storage.

Configuring JumpCloud policies

Perform the following steps to configure the JumpCloud policies for deploying the Coro Agent on a group of devices:

  1. Sign in to the JumpCloud Admin Portal ( https://console.jumpcloud.com/login ), and then go to DEVICE MANAGEMENT > Policy Management .
  2. Create policies for application privacy preferences .
  3. Create a policy for approving system extensions .
  4. Create a policy for automatically approving Coro notifications .
  5. Create a policy for automatically approving Coro’s web content filter .
  6. Apply the policies to a group of devices .

Creating policies for application privacy preferences

To create policies for application privacy preferences:

  1. To create a policy, select + :

    Policy Management

    JumpCloud displays the New Policy dialog.

  2. At the top of the dialog, select Mac :

    New Policy

    JumpCloud displays the Mac tab.

  3. Locate Application Privacy Preferences and select configure :

    Settings Application Privacy Preferences

    JumpCloud displays the Details tab:

    Settings Application Privacy Preferences

  4. (Optional) In Policy Name enter a new name for the custom configuration profile policy or keep the default.
  5. Locate and select Application Information . Configure the following settings:
    • Code Requirement : Copy and paste
      Copy
      Copied
      anchor apple generic and identifier "net.coro.endsec.Coro" and 
      (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate
      1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate
      leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
      note

      Do not change the code as it results in Apple not approving the policy.

    • Identifier : Enter net.coro.endsec.Coro
    • Identifier Type : Select BundleID

    Adding a new policy

  6. Locate Privacy Preferences and enable the following settings:
    • Allow Access to All Files
    • Allow Access to SysAdmin Files

      Privacy Preferences options

      Select Save to add the new policy.

  7. Add a second policy by repeating steps 1 - 6 , but for Application Information configure the following settings:
    • Code Requirement : Copy and paste
      Copy
      Copied
       anchor apple generic and identifier "net.coro.endsec.CoroService" 
       and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 
       1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate 
       leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
    • Identifier : Enter net.coro.endsec.CoroService
    • Identifier Type : Select BundleID

      Privacy Preferences options

  8. Add a third policy by repeating steps 1 - 6 , but for Application Information configure the following settings:
    • Code Requirement : Copy and paste
      Copy
      Copied
        anchor apple generic and identifier "net.coro.endsec.TrafficService" 
        and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 
        1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate 
        leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
    • Identifier : Enter net.coro.endsec.TrafficService
    • Identifier Type : Select BundleID

      Privacy Preferences options

Creating a policy for approving system extensions

To create a policy for approving system extensions:

  1. From the Policy Management page, Select + .
  2. At the top of the dialog, select Mac :
  3. Locate System Extension and select configure :

    System Extension option

  4. Specify the following settings:
    • (Optional) In Policy Name enter a new name for the custom configuration profile policy or keep the default.
    • team ID : Enter E3P52EVK39
    • Bundle ID : For each of the following, select Add Bundle ID and add the ID:
      • net.coro.endsec.Coro
      • net.coro.endsec.CoroService
      • net.coro.endsec.TrafficService
    • Security Extension : Enable

    System Extension option

  5. Select Save .

Creating a policy for automatically approving Coro notifications

To create a policy for automatically approving notifications:

  1. Go to DEVICE MANAGEMENT > Policy Management . Select + to create a policy.
  2. At the top of the dialog, select Mac .
  3. Locate App Notification Settings and select configure :

    System Extension settings

  4. On the Details tab, specify the following settings:
    • (Optional) In Policy Name enter a new name for the custom configuration profile policy or keep the default.
    • Bundle Identifier : Enter net.coro.endsec.Coro
    • Select the alert types to automatically approve for devices using this policy:

      Policy Groups

  5. Select Save .

Creating a policy for automatically approving Coro’s web content filter

Create a configuration profile policy by creating a configuration file and then creating a policy that uses it.

To create a policy for automatically approving or enabling Coro’s web content filter:

  1. Copy the following configuration listing:
    Expand for configuration listing
    Copy
    Copied
    <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1">
        <dict>
            <key>PayloadUUID</key>
            <string>7E53AC50-B88D-4132-99B6-29F7974EAA3C</string>
            <key>PayloadType</key>
            <string>Configuration</string>
            <key>PayloadOrganization</key>
            <string>Coronet Cyber Security</string>
            <key>PayloadIdentifier</key>
            <string>7E53AC50-B88D-4132-99B6-29F7974EAA3C</string>
            <key>PayloadDisplayName</key>
            <string>Coro System Extensions</string>
            <key>PayloadDescription</key>
            <string/>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadScope</key>
            <string>System</string>
            <key>PayloadContent</key>
            <array>
                <dict>
                    <key>PayloadUUID</key>
                    <string>2BA070D9-2233-4827-AFC1-1F44C8C8E527</string>
                    <key>PayloadType</key>
                    <string>com.apple.webcontent-filter</string>
                    <key>PayloadOrganization</key>
                    <string>Coronet Cyber Security</string>
                    <key>PayloadIdentifier</key>
                    <string>CEBF7A71-D9A1-48BD-8CCF-BD9D18EC155A</string>
                    <key>PayloadDisplayName</key>
                    <string>Approved Network Extension</string>
                    <key>PayloadDescription</key>
                    <string/>
                    <key>PayloadVersion</key>
                    <integer>1</integer>
                    <key>PayloadEnabled</key>
                    <true/>
                    <key>FilterType</key>
                    <string>Plugin</string>
                    <key>UserDefinedName</key>
                    <string>Coro Network Extension</string>
                    <key>PluginBundleID</key>
                    <string>net.coro.endsec.Coro</string>
                    <key>FilterSockets</key>
                    <true/>
                    <key>FilterDataProviderBundleIdentifier</key>
                    <string>net.coro.endsec.TrafficService</string>
                    <key>FilterDataProviderDesignatedRequirement</key>
                    <string>identifier &quot;net.coro.endsec.TrafficService&quot; and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39</string>
                </dict>
            </array>
        </dict>
    </plist>
  2. Paste the configuration listing into a text editor and save it as coroagent.mobileconfig .
  3. Go to DEVICE MANAGEMENT > Policy Management . Select + to create a policy.
  4. At the top of the dialog, select Mac .
  5. Locate MDM Custom Configuration Profile , then select configure :

    MDM Custom Configuration Profile

  6. (Optional) In Policy Name enter a new name for the custom configuration profile policy or keep the default.
  7. Under Settings , select upload file :

    Upload file

  8. Select coroagent.mobileconfig and select Open .
  9. Upload the coroagent.mobileconfig file to the custom configuration profile and select Save .

Applying the policies to a group of devices

This section describes the steps to apply the policies to a group of devices:

To apply the new Coro policies to a group of devices:

  1. Go to DEVICE MANAGEMENT > Device Groups :

    Device Group

  2. Select a group of devices to apply the policies to. Alternatively, select + to create a group, and then select the new group.
  3. Select Policies .

    JumpCloud displays the Policies tab:

    Policies tab

  4. From the list of policies, select the new policies, then select Save .
  5. Go to DEVICE MANAGEMENT > Policy Groups . Select one of:
    • + to create a policy group.
    • An existing policy group suitable to distribute the Coro Agent to your devices:

      Policy Groups

  6. Go to DEVICE MANAGEMENT > Software Management :

    Policy Groups

    JumpCloud opens the Software Management page.

  7. Select Apple , then select + to configure the upload settings.
  8. On the Details tab, in Software Description , enter a name for your installation package. In Software Package URL add your Coro Agent installer package cloud storage location URL, and then select Validate to validate the URL:

    Software Management

    note

    If this method fails due to JumpCloud validation failure of external URL package hosting, Coro recommends deploying the Coro Agent via shell script. To execute a command in JumpCloud, go to Device Management > Commands. Select + and set Type to Mac. If you experience issues executing commands, contact JumpCloud Support.

  9. Select Device Groups or Devices as applicable to configure your device distribution.
  10. Select Save to save your changes.

The JumpCloud configuration is complete. Your JumpCloud schedule determines when to distribute and install the Coro Agent.