Deploy Aikido Device Protection with JumpCloud

What you'll need

Before starting, make sure you have the following from the Aikido Device Protection dashboard:

• Your Device Protection Token (copied from the user group selector)

• The Shared Root CA Certificate (.pem file — downloaded in the dashboard)

• The Aikido Device Protection installer (.pkg file — downloaded in the dashboard)

If you're missing any of these, go back to the Aikido Device Protection dashboard, click Connect Device, and complete the pre-flight steps.

Add the Aikido Device Protection configuration profile

1. Download the Aikido .mobileconfig file.

2. In the JumpCloud Admin Portal, go to Device Management → Policy Management.

3. Click (+), select the Mac tab, and choose MDM Custom Configuration Profile. Click configure.

4. Give the policy a name (e.g. "Aikido Device Protection").

5. Under Settings, click upload file and select the downloaded .mobileconfig file.

6. Select the Device Groups tab and assign the policy to the target device group.

7. Click save.

This profile allows the Aikido Device Protection system extension to load silently, enables the network content filter, and stops users from disabling background services in System Settings → Login Items.

Deploy the Aikido Device Protection CA certificate

1. In the JumpCloud Admin Portal, go to Device Management → Policy Management.

2. Click (+), select the Mac tab, and choose Certificate.

3. Upload the Shared Root CA Certificate (.pem file) and assign the policy to the same device group.

4. Click save.

Create the pre-install command

1. In the JumpCloud Admin Portal, go to Device Management → Commands.

2. Click + Command and select Command.

3. Set Run As to root.

4. Enter the script below. Replace AIK_SAFE_CHAIN_TOKEN with your real token.

#!/bin/zsh
# Write the token so the agent registers with the correct user group
echo "AIK_SAFE_CHAIN_TOKEN" > /tmp/aikido_endpoint_token.txt
# Signals the installer to run completely silently, with no user prompts
touch /tmp/aikido_endpoint_mdm_install.txt

1. Select the Device Groups tab and assign the command to the same device group.

2. Click save.

3. Run the command using Run Now before you deploy the package.

Upload the Aikido Device Protection installer

1. In the JumpCloud Admin Portal, go to Device Management → Software Management → Apple.

2. Click (+Add New) and select JumpCloud Private Repo.

3. Enter an Application Name (e.g. "Aikido Device Protection").

4. Under Upload File, upload the Aikido Device Protection .pkg file and click Upload.

5. Once processing completes, select the Device Groups tab and assign the app to the same device group.

6. Click save, then confirm the install.

Deploy in the right order

Deploy the configuration profile and CA certificate before the installer for a smoother rollout.

1. Assign and save the Aikido Device Protection configuration policy.

2. Assign and save the Aikido Device Protection CA certificate policy.

3. Verify both are installed on a test device — JumpCloud doesn't guarantee delivery order within a device group.

4. Run the pre-install command to write the token, then deploy the Aikido Device Protection app.

Reboot devices after installation

1. In the JumpCloud Admin Portal, go to Device Management → Commands.

2. Click + Command, select MDM Command, and choose Restart Device.

3. Assign it to the same device group and click Run Now.

The agent fully activates on the next boot.

Verify the deployment

On a test device, confirm:

1. The system extension is activated:

   Copy

   systemextensionsctl list | grep aikido

   Expect to see the extension marked [activated enabled].

2. Open System Settings → General → Login Items & Extensions and confirm the Aikido Device Protection entries cannot be toggled off.