Skip to main content

Rippling - Distributing Configuration for MacOS

Describes deploying proxy PAC URL and root CA to macOS via Rippling using Global HTTP Proxy and Certificate Root configs. Covers macOS library paths and verification.

Updated over a month ago

SurePath AI Proxy Integration for MacOS via Rippling

This document describes how to configure Rippling to distribute the SurePath AI proxy PAC URL and root CA certificate to MacOS devices. These two configurations are covered in the sections below. The configuration needed for Windows is considerably different and is located in this document.

Supported platforms

  • MacOS 10.15 (Catalina) and later

About this document

This document covers creating the required policy that distributes the proxy configuration and the root CA certificate. It does not include steps on any other parts of the Rippling platform or cover how to enroll devices in Rippling.

The SurePath AI PAC file

SurePath AI distributes its proxy information via a Proxy Auto-Config (PAC) file. This PAC file contains all the information needed to direct only generative AI traffic to the SurePath AI proxy service while sending other traffic via their normal route. For a full explanation of how PAC files work and available customization options, see Overview of SurePath AI PAC Files.

The use of a PAC file also allows SurePath AI to update the list of generative AI domains. Most operating systems and browsers will request the PAC file every 1-2 hours and if a new file can’t be retrieved the current one will continue to be used.

The SurePath AI root CA certificate

Just like other network security and SASE vendors, certificate trust allows SurePath AI to intercept and apply policy to connections to generative AI website. The SurePath AI root CA certificate needs to be trusted by all devices that need to be governed by SurePath AI.

Configuring Rippling for MacOS devices

All configuration in this section takes place within the Rippling admin dashboard located at https://app.rippling.com/dashboard and unless otherwise stated, all instructions start from this URL. You must ensure you are using an Admin account and not your Employee account. This can be verified by clicking on the user avatar in the upper-right-most area of the dashboard.

Prerequisites

The SurePath AI proxy PAC URL and root CA certificate needed for these steps can be downloaded from https://admin.surepath.ai:

  • Click the Organization menu, under Configure section, on the left

  • Select the Integrations tab

  • The SurePath AI Root CA Certificate is available in the File Downloads section

    • Download the certificate using the CER option

  • The SurePath AI Proxy PAC URL is available in the Proxy and Provider URLs section

    • Copy the URL using the copy icon on the right side of the text box

Creating the Rippling configuration for MacOS proxy PAC URL distribution

  • Go to https://app.rippling.com/dashboard

  • In the left menu bar, navigate to IT > Devices

  • Click the Configurations tab at the top

  • Click the macOS library tab

  • In the list, either search or scroll to Global HTTP Proxy

    • Click the Create button on the right

  • On the new page, enter the following configuration values:

    • Enter a Configuration Name, such as SurePath AI Proxy PAC URL

    • Enter a Configuration description if desired

    • For Proxy Type, select Auto

    • Leave the Proxy Username and Proxy Password blank

    • For Proxy PAC URL, enter the URL retrieved in the prerequisite step above

    • Leave all other options unchecked

  • Click Save & continue

  • In the Deploy configuration modal, select Device

    • Add the devices that will be receiving this configuration

  • Click Deploy

Creating the Rippling configuration for MacOS root CA distribution

  • Go to https://app.rippling.com/dashboard

  • In the left menu bar, navigate to IT > Devices

  • Click the Configurations tab at the top

  • Click the macOS library tab

  • In the list, either search or scroll to Certificate Root

    • Click the Create button on the right

  • On the new page, enter the relevant configurations

    • Enter a Configuration Name, such as SurePath AI Root CA Certificate

    • Enter a Configuration description if desired

    • For Certificate Name, enter a label such as SurePath AI Root CA Certificate

    • Either drop or select the certificate that was retrieved in the prerequisite step above

  • Click Save & continue

  • In the Deploy configuration modal, select Device

    • Add the devices that will be receiving this configuration

  • Click Deploy

Verifying the SurePath AI integration

After completing the deployment, verify that the endpoint is properly integrated using the SurePath AI Ready tool.

Related Articles
Rippling - Distributing Configuration for Windows
Jamf Pro - Distributing Configuration for Apple devices
Microsoft Intune - Distributing configuration for Windows
Microsoft Intune - Distributing configuration for macOS
Manual Installation of PAC URL and Root CA on macOS (Testing Only)
Did this answer your question?