MDM rollout is available on Enterprise plans only.
If your enterprise uses an MDM (Mobile Device Management) tool, you can provision Corridor across all employees automatically. With MDM, developers don’t need to separately install the Corridor extension or sign up—everything is handled for them.

Supported platforms

MDM      OS Support
Kandji   macOS
Intune   macOS, Windows
JAMF     macOS

Supported IDEs

  • VS Code
  • Windsurf
  • Cursor

Prerequisites

Verifying a domain

In order to use the MDM scripts, you must verify an email domain for your team. Corridor will only provision users with the email domain you have verified.
1. Navigate to Teams

2. Enter your domain
   Go to the Domain Verification section and enter your organization’s domain name (e.g., acme.com).

3. Add DNS record
   Copy the DNS TXT record provided and add it to your DNS provider.

Creating a universal team token

In order to use the MDM scripts, you must create a universal team token to identify your team and verify your team admin access.
1. Navigate to Teams

2. Generate a token
   Under Universal Team Tokens, click Generate New Tokens. Add a token name and select an expiration date.

3. Copy the token
   Copy the universal team token—you’ll use it in the MDM scripts below.

JAMF (macOS only)

For JAMF, you must create a configuration profile to push the User email and Device serial fields to each managed computer.

Creating a configuration profile

Prerequisites

To set up a JAMF configuration profile, you must have:
  • A push certificate in JAMF Pro. See instructions here.
  • The Enable certificate-based authentication and Enable push notifications settings configured in Jamf Pro. For more information, see Security Settings.
To create the configuration profile:
1. Add configuration profile
   In JAMF, go to Computers -> Configuration Profiles. Click New.

2. Set up configuration profile
   Set a name like ‘Push plist for Corridor’ with level ‘Computer Level’ and Distribution Method ‘Install automatically’. Set ‘Scope’ to ‘All computers’, or to only the computers that should have access to Corridor.

3. Upload plist
   Go back to ‘Options’, and search for ‘Application & Custom Settings’. Click the arrow underneath, and click ‘Upload’. Click ‘Add’. Set the preference domain to dev.corridor.mdm and set the file contents to:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>UserEmail</key>
    <string>$EMAIL</string>
    <key>SerialNumber</key>
    <string>$SERIALNUMBER</string>
</dict>
</plist>
   Or download dev.corridor.mdm.plist and upload those contents.

4. Save configuration
   Save your configuration and check that it was pushed to your devices.

Add the Corridor script

1. Create a script
   In JAMF, go to Settings and search for Scripts. It should be under Computer management.

2. Download the script
   Download the Corridor JAMF script:
   curl https://raw.githubusercontent.com/CorridorSecurity/CorridorSecurity/refs/heads/main/mdm/jamf-macos.sh -o jamf-macos.sh

3. Add your token
   Replace the CORRIDOR_TEAM_TOKEN value at the top of the file with the universal team token you generated.

4. Upload and save
   Name the script something like Corridor Installation Script, and upload the script with the shell/bash language option. Save the script.

Create a policy

1. Create a policy
   In JAMF, go to Computers and then Policies. It should be under Content management. Click ‘New’.

2. Set the policy
   Set the policy name to be ‘Corridor Installation Policy’. Select ‘Recurring Check-in’ as the trigger (unless otherwise desired), with the execution frequency as ‘Once per computer’. Click ‘Automatically re-run policy on failure’. Set the scope as desired (All computers or specific computers).

3. Add the script to the policy
   In options, click Scripts and choose ‘Configure Scripts’. Add the Corridor Installation Script you created in the previous step, and save the policy.
Now wait for the script to run on the computers the policy is pushed out to. Once users restart their IDEs, the extension should be installed and they should be signed in to Corridor automatically.

Kandji (macOS only)

For Kandji, you must create a custom profile with global variables before running the Corridor script.

Create a custom profile

1. Add custom profile
   In Kandji, go to Library and search for Custom Profile.

2. Download global variable config
   Click Custom Profile, then download the Global Variable Config that Kandji supports.

3. Upload the config
   Upload the Global Variable config XML to the Custom Profile. Click Continue and add the profile.

Add the Corridor script

1. Create a custom script
   In Kandji, go to Library and search for Custom Script. Assign to your desired Blueprints. Select Execution Frequency: Run once per device.

2. Download the script
   Download the Corridor Kandji script:
   curl https://raw.githubusercontent.com/CorridorSecurity/CorridorSecurity/refs/heads/main/mdm/kandji-macos.sh -o kandji-macos.sh

3. Add your token
   Replace the CORRIDOR_TEAM_TOKEN value at the top of the file with the universal team token you generated.

4. Upload and save
   Upload the file with the correct CORRIDOR_TEAM_TOKEN to Kandji and click Save.

Intune

Intune scripts support both macOS and Windows. You must first generate a Microsoft Graph token with the right permissions—this token is used to retrieve the device email.

Generate a Microsoft Graph token

1. Open Graph Explorer
   Go to Microsoft Graph Explorer and sign in.

2. Set permissions
   Click Modify Permissions and consent to User.Read permissions. This requires Admin consent.

3. Copy the token
   Refresh the page, then click Access token and copy the Microsoft Graph API access token.

Windows

1. Navigate to scripts
   On intune.microsoft.com, go to Devices → Scripts and remediations under Manage Devices.

2. Add a script
   Click Platform scripts → Add → Windows 10 and Later. Set a name and description.

3. Download the script
   Download the Corridor Intune Windows script:
   curl https://raw.githubusercontent.com/CorridorSecurity/CorridorSecurity/refs/heads/main/mdm/intune-windows.ps1 -o intune-windows.ps1

4. Add your tokens
   In the script, replace the CORRIDOR_TEAM_TOKEN value with your universal token, and replace the GRAPH_API_TOKEN value with the Microsoft Graph API access token.

5. Configure script settings
   Select Yes for “Run this script using the logged on credentials”, No for “Enforce script signature check”, and No for “Run script in 64 bit PowerShell Host”.

6. Assign and save
   Assign the script to the selected group of devices and click Save. Sync all devices with bulk device actions to force the script to run.

macOS

1. Navigate to scripts
   On intune.microsoft.com, go to Devices → Scripts and remediations under Manage Devices.

2. Add a script
   Click Platform scripts → Add → macOS. Add a name and description.

3. Download the script
   Download the Corridor Intune macOS script:
   curl https://raw.githubusercontent.com/CorridorSecurity/CorridorSecurity/refs/heads/main/mdm/intune-macos.sh -o intune-macos.sh

4. Add your tokens
   In the script, replace the CORRIDOR_TEAM_TOKEN value with your universal token, and replace the GRAPH_API_TOKEN value with the Microsoft Graph API access token.

5. Configure script settings
   Select Yes for “Run script as signed-in user” and 1 time for “Max number of times to retry if script fails”.

6. Assign and save
   Assign the correct groups to the script and click Save. Sync all devices with bulk device actions to force the script to run.
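
The JAMF, Kandji and Intune procedures above each download a script from the main branch, edit tokens into it, and upload it to run on every managed device. The following is an added example, not Corridor's own code: a pre-upload check that the download matches the copy you reviewed and that your edited copy differs from it only on token lines. It assumes the tokens are set on assignment lines such as CORRIDOR_TEAM_TOKEN="..." or $GRAPH_API_TOKEN = "..."; the function names sha256_of and check_upload are hypothetical.

```shell
#!/bin/sh
# Added example (not Corridor's code): gate an MDM script before upload.
# Assumption: tokens live on assignment lines such as
#   CORRIDOR_TEAM_TOKEN="..."    or    $GRAPH_API_TOKEN = "..."

# Matches a diff line ("< ..." or "> ...") that is a token assignment.
TOKEN_LINE='^[<>] [[:space:]]*\$?(CORRIDOR_TEAM_TOKEN|GRAPH_API_TOKEN)[[:space:]]*='

sha256_of() {
    # sha256sum on Linux, shasum on macOS
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# check_upload REVIEWED_SHA256 DOWNLOADED EDITED
# Returns 0 if the edited copy is safe to upload, otherwise:
#   1 = the download is not the version that was reviewed
#   2 = the edited copy changes something other than a token line
#   3 = CORRIDOR_TEAM_TOKEN was never replaced
check_upload() {
    reviewed_sha=$1 downloaded=$2 edited=$3

    [ "$(sha256_of "$downloaded")" = "$reviewed_sha" ] || return 1

    # Lines that differ between the pristine download and the edited copy.
    changed=$(diff "$downloaded" "$edited" | grep '^[<>]' || true)

    # Any changed line that is not a token assignment means the body was altered.
    if printf '%s\n' "$changed" | grep -Ev "$TOKEN_LINE" | grep -q .; then
        return 2
    fi

    # The edited side ('>') must carry a new CORRIDOR_TEAM_TOKEN assignment.
    printf '%s\n' "$changed" |
        grep -Eq '^> [[:space:]]*\$?CORRIDOR_TEAM_TOKEN[[:space:]]*=' || return 3
    return 0
}
```

Record the SHA-256 when you review a download and rerun the check each time you fetch the script again, since the URL tracks a branch rather than a fixed commit.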