Deploying Coro with JumpCloud

This guide describes how to deploy the Coro Agent to your macOS endpoint devices through JumpCloud.

Important

JumpCloud does not support dynamic links and requires a non-changing, static URL to deploy apps using their Software Management feature. This is a known limitation - to learn more, see: https://jumpcloud.com/support/software-management-macos.

For this reason, Coro recommends deploying the Agent in one of the following ways:

  1. Via shell script. For full details, see Using a shell script to deploy Coro to macOS devices .
  2. As JumpCloud recommends, self-host the Agent installer package on a cloud storage service such as AWS, Backblaze, or Dropbox. Then, set the installer path to the relevant location in that service. For example:  https://host.com/path/CoroInstaller_123abc-456def-789abc.pkg . Through this method, you can utilize your new static URL to deploy the Agent using JumpCloud's Software Management feature. For information and queries regarding this method, contact JumpCloud support.

To deploy Coro via JumpCloud, perform the following steps:

  1. Sign into the Coro console .
  2. From the toolbar, select Control Panel :

    Control Panel button

  3. Select Devices :

    Devices button

  4. Select the Agent Deployment tab:

    Agent Deployment tab

  5. Select Actions > Download adjacent to the desired macOS Agent version:

    Download link

    The Agent installer is downloaded to your local workstation, ready to be uploaded to the relevant cloud storage location.

  6. Log in to the JumpCloud management portal, then navigate to Device Management > Policy Management .
  7. Select the “+” icon to add a new policy.
  8. Select Mac from the list of platforms at the top of the dialog, then locate the Application Privacy Preferences option and select Configure .

    Setting Application Privacy Preferences

  9. The New Policy dialog appears:

    Adding a new policy

    In the Details tab, locate the Application Information section and configure the following settings:

    • Code Requirement :
      Copy
      Copied
      anchor apple generic and identifier "net.coro.endsec.Coro" and 
      (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate
      1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate
      leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
    • Identifier : net.coro.endsec.Coro
    • Identifier Type : Select "BundleID"
  10. Locate the Privacy Preferences section further down and enable the following settings:
    • Allow Access to All Files
    • SysAdmin Files

    Privacy Preferences options

  11. Select Save to add the new policy.
  12. Repeat steps 4-8 to add a second policy based on the following settings:
    • Code Requirement :
      Copy
      Copied
      anchor apple generic and identifier "net.coro.endsec.CoroService" 
      and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 
      1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate 
      leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)
    • Identifier : net.coro.endsec.CoroService
    • Identifier Type : Select "BundleID"
  13. For the second policy, locate the System Extension option and and select Configure :

    System Extension option

  14. Specify the following settings:
    • Team ID : E3P52EVK39
    • Bundle ID : Select Add Bundle ID to add two IDs: "net.coro.endsec.Coro" and "net.coro.endsec.CoroService"
    • Security Extension : Enable

    System Extension settings

  15. In the main menu bar, select Policy Groups and either:
    • Select the “+” icon to create a new policy group.
    • Choose an existing policy group suitable to distribute the Coro Agent to your devices.

    Policy Groups

  16. In your policy group, perform the following steps:
    1. Select Software Management .
    2. Select the Apple icon, then select the "+" icon to configure the upload settings.
    3. Name your installation, add your Coro Agent installer package cloud storage location URL, then validate the URL.
    4. Select Device Groups or Devices as applicable to configure your device distribution.
    5. Select Save to save your changes.

The configuration is complete.

Coro is distributed and installed during your scheduled or configured cycles.