# How to deploy Cisco Secure Client for Mac through Software Deployment?

**Note:** Install the package manually on one of your test machines to check the behavior and prerequisites of the software. Use this information to configure the pre-deployment settings before deploying the package.

## Pre-requisites

### 1. Deploying the System Extensions configuration

1. Log in to the Endpoint Central server web console and navigate to **Configurations** tab → **Configuration** → **Mac** → **System Extensions**.
2. Provide the configuration name as Cisco Secure Client - System Extensions.
3. Under System Extensions, select **Yes** to allow users to approve kernel/system extensions manually.
4. Enter the Team Identifier as (for example: DE8Y96K9QP).
5. Select **Network Extensions** for Allowed Extensions Categories.

![System Extensions Configuration](https://www.manageengine.com/products/desktop-central/help/images/cisco-network-ext.png)

6. Define the **Target**.
7. Enable the option to receive notifications if required.
8. Click **Deploy**.

### 2. Deploying the Background Service Management configuration

1. Log in to the Endpoint Central server web console and navigate to **Configurations** tab → **Configuration** → **Mac** → **Background Service Management configuration**.
2. Provide the Team Identifier as (for example: DE8Y96K9QP).
3. Enter the Bundle ID as (for example: com.cisco.secureclient.gui or com.cisco.*).
4. Specify the Labels: com.cisco.*.

![Background Service Management Configuration](https://www.manageengine.com/products/desktop-central/help/images/cisco-labels.png)

5. **Define the Target**.
6. Enable the option to receive notifications if required.
7. Click **Deploy**.

### 3. Deploying the Web Content Filter Configuration

1. Log in to the Endpoint Central server web console and navigate to **Configurations** tab → **Configuration** → **Mac** → **Web Content Filter**.
2. Provide the name and filter name as Cisco Secure Client.
3. Enter the Plugin Bundle ID as (for example: com.cisco.anyconnect.macos.acsock).
4. Select the filter type as **Socket**.
5. Provide the Socket Filter Bundle Identifier as (for example: com.cisco.anyconnect.macos.acsockext).
6. Enter the Socket Designed Requirement as, for example:

```
anchor apple generic and identifier "com.cisco.anyconnect.macos.acsockext" and 
(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or 
certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and 
certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and 
certificate leaf[subject.OU] = DE8Y96K9QP)
```

![Web Content Filter Configuration](https://www.manageengine.com/products/desktop-central/help/images/cisco-designed-identifier.png)

7. **Define the Target**.
8. Enable the option to receive notifications if required.
9. Click **Deploy**.

## Deploying Cisco Secure Client package

**1. Manual Package Creation Steps for Mac (Silicon processor machine)**

- Navigate to the **Software Deployment** tab in the Endpoint Central Server web console and under **Package creation**, click **Packages**. Click **Add Packages** and select **Mac**.
- Enter the package name and select the license type.
- Upload all the necessary installation files.
- Provide the installation command as:

```
/usr/bin/arch -arm64 /usr/sbin/installer -pkg "" -target "/Applications"
```

- Click **Add Package** for the package to be added.

**2. Package Creation Steps for Mac (Intel processor machine)**

- Navigate to the **Software Deployment** tab in the Endpoint Central Server web console and under **Package creation**, click **Packages**. Click **Add Packages** and select **Mac**.
- Enter the package name and select the license type.
- Upload the installer directly without any installation command.
- Click **Add package** for the package to be added.

## Steps for installation/uninstallation of the software package

1. Click **Install/Uninstall software for Mac** under the Software Deployment tab and enter the package name and description.
2. Choose the operation type as **Install/Uninstall** and select the required package.
3. Select the deployment policy.
4. Define the **Target**.
5. Choose the execution settings if required.
6. You can select the options to retry the configuration on failed targets according to your choice.
7. Select **Enable notifications** and **Scheduler settings** as per your requirements.
8. Click **Deploy** to deploy the software.