SurePath AI Proxy Integration for Windows via Rippling
This document describes how to configure Rippling to distribute the SurePath AI proxy PAC URL and root CA certificate to Windows devices. These two configurations are covered in the sections below. The configuration needed for MacOS is considerably different and is located in this document.
Supported platforms
Windows 10 1809 and later (including Windows 11)
About this document
This document covers creating the required policy that distributes the proxy configuration and the root CA certificate. It does not include steps on any other parts of the Rippling platform or cover how to enroll devices in Rippling.
The SurePath AI PAC file
SurePath AI distributes its proxy information via a Proxy Auto-Config (PAC) file. This PAC file contains all the information needed to direct only generative AI traffic to the SurePath AI proxy service while sending other traffic via their normal route.
The use of a PAC file also allows SurePath AI to update the list of generative AI domains. Most operating systems and browsers will request the PAC file every 1-2 hours and if a new file can’t be retrieved the current one will continue to be used.
The SurePath AI root CA certificate
Just like other network security and SASE vendors, certificate trust allows SurePath AI to intercept and apply policy to connections to generative AI website. The SurePath AI root CA certificate needs to be trusted by all devices that need to be governed by SurePath AI.
Configure Rippling for Windows devices
All configuration in this section takes place within the Rippling admin dashboard located at https://app.rippling.com/dashboard and unless otherwise stated, all instructions start from this URL. You must ensure you are using an Admin account and not your Employee account. This can be verified by clicking on the user avatar in the upper-right-most area of the dashboard.
Important note
Rippling does not support native Windows configurations or GPO for Proxy PAC URL distribution or root certificate distribution. Because of this, a single PowerShell script is used to configure Windows endpoints with both the SurePath AI Proxy PAC URL and SurePath AI root CA certificate. Since this is deployed with a script, SurePath AI also provides a removal script which removes all configurations from the installation script.
Prerequisites
Acquire the SurePath AI setup scripts
Login to https://admin.surepath.ai
Navigate to Connectors in the CONFIGURE section and click ADD CONNECTOR
Provide a descriptive name for the connector (for example, "PAC File - Active Directory")
Select Proxy as the connector type
Click SAVE to generate your unique PAC file URL and scripts and profiles package
Click DOWNLOAD on the bottom of the connector details page under MDM Files
Creating the Rippling Script configuration for deploying the SurePath AI configuration
In the left menu bar, navigate to IT > Devices
Click the Scripts tab at the top
Click the Add Script
On Add Script modal, enter the following configuration values:
Enter a Script Name, such as SurePath AI Configuration
For Target Platform, select Windows Machines Only
Select Device under the Select menu
Add the devices that will be receiving this configuration
For Frequency of execution, select One-time
It is recommended to check Run on newly enrolled devices meeting the group definition to deploy the configuration to new Windows devices that get added to the Rippling inventory after deploying the script
It is recommended to check Run the script now to deploy the configuration to all Windows devices in the Rippling inventory
Click Submit
Verifying the SurePath AI integration
After completing the deployment, verify that the endpoint is properly integrated using the SurePath AI Ready tool.