Deploying Coro with JumpCloud¶

This guide describes how to deploy the Coro Agent to your macOS endpoint devices through JumpCloud.

Important

JumpCloud does not support dynamic links and requires a non-changing, static URL to deploy apps using their Software Management feature. This is a known limitation - to learn more, see: https://jumpcloud.com/support/software-management-macos.

For this reason, Coro recommends deploying the Agent in one of the following ways:

Via shell script. For full details, see Using a shell script to deploy Coro to macOS devices.
As JumpCloud recommends, self-host the Agent installer package on a cloud storage service such as AWS, Backblaze, or Dropbox. Then, set the installer path to the relevant location in that service. For example: https://host.com/path/CoroInstaller_123abc-456def-789abc.pkg. Through this method, you can utilize your new static URL to deploy the Agent using JumpCloud's Software Management feature. For information and queries regarding this method, contact JumpCloud support.

To deploy Coro via JumpCloud, perform the following steps:

Sign into the Coro console.
From the toolbar, select Control Panel:
Select Devices:
Select the Agent Deployment tab:
Select Actions > Download adjacent to the desired macOS Agent version:

The Agent installer is downloaded to your local workstation, ready to be uploaded to the relevant cloud storage location.
Log in to the JumpCloud management portal, then navigate to Device Management > Policy Management.
Select the “+” icon to add a new policy.
Select Mac from the list of platforms at the top of the dialog, then locate the Application Privacy Preferences option and select Configure.

The New Policy dialog appears:

In the Details tab, locate the Application Information section and configure the following settings:

Code Requirement:

anchor apple generic and identifier "net.coro.endsec.Coro" and 
(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate
1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate
leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)

Identifier: net.coro.endsec.Coro
Identifier Type: Select "BundleID"

Locate the Privacy Preferences section further down and enable the following settings:
- Allow Access to All Files
- SysAdmin Files
Select Save to add the new policy.

Repeat steps 4-8 to add a second policy based on the following settings:

Code Requirement:

anchor apple generic and identifier "net.coro.endsec.CoroService" 
and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 
1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate 
leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E3P52EVK39)

Identifier: net.coro.endsec.CoroService
Identifier Type: Select "BundleID"

For the second policy, locate the System Extension option and and select Configure:
Specify the following settings:
- Team ID: E3P52EVK39
- Bundle ID: Select Add Bundle ID to add two IDs: "net.coro.endsec.Coro" and "net.coro.endsec.CoroService"
- Security Extension: Enable
In the main menu bar, select Policy Groups and either:
- Select the “+” icon to create a new policy group.
- Choose an existing policy group suitable to distribute the Coro Agent to your devices.
In your policy group, perform the following steps:
1. Select Software Management.
2. Select the Apple icon, then select the "+" icon to configure the upload settings.
3. Name your installation, add your Coro Agent installer package cloud storage location URL, then validate the URL.
4. Select Device Groups or Devices as applicable to configure your device distribution.
5. Select Save to save your changes.

The configuration is complete.

Coro is distributed and installed during your scheduled or configured cycles.