Deploying Coro with JumpCloud

This guide describes how to deploy the Coro Agent to your macOS endpoint devices through JumpCloud.

Important

JumpCloud does not support dynamic links and requires a non-changing, static URL to deploy apps using their Software Management feature. This is a known limitation - to learn more, see: https://jumpcloud.com/support/software-management-macos.

For this reason, Coro recommends deploying the Agent in one of the following ways:

  1. Via shell script. For full details, see Using a shell script to deploy Coro to macOS devices .
  2. As JumpCloud recommends, self-host the Agent installer package on a cloud storage service such as AWS, Backblaze, or Dropbox. Then, set the installer path to the relevant location in that service. For example:  https://host.com/path/CoroInstaller_123abc-456def-789abc.pkg . Through this method, you can utilize your new static URL to deploy the Agent using JumpCloud's Software Management feature. For information and queries regarding this method, contact JumpCloud support.

To deploy Coro via JumpCloud, perform the following steps:

  1. Sign in to the Coro console .
  2. From the sidebar, select Control Panel to access the Control Panel .
  3. Select Devices :

    Devices button

  4. Select the Agent Deployment tab:

    Agent Deployment tab

  5. Select Actions > Download adjacent to the desired macOS Agent version:

    Download link

    The Agent installer is downloaded to your local workstation, ready to be uploaded to the relevant cloud storage location.

  6. Sign in to the JumpCloud Admin Portal , then go to Device Management > Policy Management .
  7. To add a new policy, select + .
  8. Select Mac from the list of platforms at the top of the dialog, then locate the Application Privacy Preferences option and select Configure :

    Setting Application Privacy Preferences

    JumpCloud displays the New Policy dialog:

    Adding a new policy

  9. In the Details tab, locate the Application Information section and configure the following settings:
    • Code Requirement :
      Copy
      Copied
      anchor apple generic and identifier "net.coro.endsec.Coro" and 
      (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate
      1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate
      leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
    • Identifier : net.coro.endsec.Coro
    • Identifier Type : Select BundleID
  10. Locate the Privacy Preferences section further down and enable the following settings:
    • Allow Access to All Files
    • SysAdmin Files

    Privacy Preferences options

  11. Select Save to add the new policy.
  12. Repeat steps 4-8 to add a second policy based on the following settings:
    • Code Requirement :
      Copy
      Copied
      anchor apple generic and identifier "net.coro.endsec.CoroService" 
      and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 
      1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate 
      leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
    • Identifier : net.coro.endsec.CoroService
    • Identifier Type : Select BundleID
  13. For the second policy, locate the System Extension option and and select Configure :

    System Extension option

  14. Specify the following settings:
    • Team ID : E3P52EVK39
    • Bundle ID : Select Add Bundle ID and add the following IDs:
      • net.coro.endsec.Coro
      • net.coro.endsec.CoroService
    • Security Extension : Enable

    System Extension settings

  15. In the sidebar, select Policy Groups and either:
    • Select the + to create a new policy group.
    • Choose an existing policy group suitable to distribute the Coro Agent to your devices.

    Policy Groups

  16. In your policy group, perform the following steps:
    1. Select Software Management .
    2. Select Apple , then select + to configure the upload settings.
    3. Name your installation, add your Coro Agent installer package cloud storage location URL, then validate the URL.
    4. Select Device Groups or Devices as applicable to configure your device distribution.
    5. Select Save to save your changes.

JumpCloud configuration is complete.

Coro is distributed and installed during your scheduled or configured cycles.