# Deploy Aikido Device Protection with Rippling Use Rippling to deploy Aikido Device Protection across your managed macOS fleet with the required permissions in place. {% hint style="info" %} All devices must be enrolled in Rippling MDM before you begin. {% endhint %} ## Installation {% stepper %} {% step %} **Get your Aikido Device Protection token and package** Open [Aikido Device Protection](https://app.aikido.dev/endpoint-protection/devices) and click **Connect Device**. Download the Aikido Device Protection `.pkg` and copy your device protection token. {% endstep %} {% step %} **Upload the Aikido Device Protection configuration profile** 1. [Download the Aikido `.mobileconfig` file](https://raw.githubusercontent.com/AikidoSec/safechain-internals/refs/heads/main/docs/aikido-endpoint.mobileconfig). 2. In Rippling, go to **IT** → **Device Management** → **Configurations** and select the **macOS** tab. 3. Click **Upload**. 4. Enter a **Policy name** (e.g. "Aikido Device Protection"). 5. Set **Platform** to **macOS**. 6. Drop or select the downloaded `.mobileconfig` file. 7. Click **Save & continue**. {% hint style="info" %} Rippling requires `.mobileconfig` uploads to be done from a Mac. Uploading from another operating system may silently fail. {% endhint %} This profile allows the Aikido Device Protection system extension to load silently, enables the network content filter, and stops users from disabling background services in System Settings → Login Items. {% endstep %} {% step %} **Deploy the configuration profile** 1. In **Configurations**, switch to the **Everything Else** tab. 2. Find the profile you just created. 3. Click the **three-dot menu** on the right and select **Deploy**. 4. Select the target employees or devices and click **Save**. {% endstep %} {% step %} **Upload the Aikido Device Protection installer** 1. In Rippling, go to **IT** → **Software**. 2. Click **Upload Software**. 3. Fill in the following fields: * **Name:** Aikido Device Protection * **Operating System:** macOS * **Description:** Aikido Device Protection 4. Under **Upload Installer File**, drop or select the Aikido Device Protection `.pkg` file. 5. Under **Pre-install script**, paste the script below. Replace `AIK_SAFE_CHAIN_TOKEN` with your real token. ```bash #!/bin/zsh echo "AIK_SAFE_CHAIN_TOKEN" > /tmp/aikido_endpoint_token.txt ``` 6. Click **Submit**. 7. Click **Add** on the newly created software item, then click **Finished Selecting**. {% endstep %} {% step %} **Deploy in the right order** {% hint style="warning" %} Order matters. The configuration profile must reach the device before the pkg. If the pkg installs first, macOS can ask the user for extra permissions. {% endhint %} 1. Deploy the **Aikido Device Protection** configuration profile and confirm it is installed on a test device. 2. Find the **Aikido** **Device Protection** software item under **IT** → **Software**, click **Edit**, select the target employees or devices, and click **Save**. {% hint style="info" %} Newly created software items in Rippling may stay in a "Pending" status for a few minutes before they can be deployed. {% endhint %} {% endstep %} {% step %} **Verify the deployment** On a test device, confirm: 1. The system extension is activated: ```bash systemextensionsctl list | grep aikido ``` Expect to see the extension marked `[activated enabled]`. 2. Open **System Settings** → **General** → **Login Items & Extensions** and confirm the Aikido Device Protection entries cannot be toggled off. {% endstep %} {% endstepper %} ## Troubleshooting | Problem | Fix | | ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | | Users still see the popup | Make sure the configuration profile is scoped correctly and installed before the package policy runs | | Extension is waiting for user approval | Check the System Extensions payload and confirm the team ID and bundle ID match exactly | | The package installs but the device does not connect | Confirm the token script ran before the package install and that the token was copied correctly | | Duplicate extension entries appear | Reboot the device | | The content filter is not approved silently | Re-upload the `.mobileconfig` profile and verify it is installed on the device | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.aikido.dev/aikido-device-protection/deploying-aikido-endpoint/deploy-aikido-endpoint-with-rippling.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.