Jamf Pro
  • 25 Mar 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Jamf Pro

  • Dark
    Light
  • PDF

Article Summary

Jamf Pro is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.

Note:

Offical Jamf recommendation is to limit the number of fetches for the Jamf Pro adapter to one fetch per day, in order to preserve the stability of the Jamf cloud.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • SaaS data

About Jamf Pro

Use cases the adapter solves

Jamf Pro is a powerful endpoint management solution that provides a robust inventory of our managed Apple devices in Axonius. Even more importantly, by combining Jamf Pro with network/infrastructure data coming from additional adapters, Axonius can identify unmanaged or even rogue devices on the network.

Data retrieved by Jamf Pro

Axonius collects common device information such as hostname, IPs, MAC address, and serial number. It also collects information unique to Jamf such as device policies, profiles, and groups. The adapter can be configured to collect additional information, such as user data and even mobile devices.

Enforcements

With the Jamf Pro adapter configured, Axonius can add devices to Jamf Pro computer groups directly in the Enforcement Center. Jamf Pro - Add Assets to Computer Group

Parameters

  1. Jamf Domain (required) - The hostname of the Jamf Pro server. This field format is 'https://[instance].jamfcloud.com'.
  2. User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets via the API.
  3. Use Client Credentials (optional) - Toggle on to authenticate using client credentials.
    • Client ID and Client Secret (optional) - When the authentication method is via client credentials, specify the Client ID and Client Secret to be used to authenticate the request. For more information about obtaining a Client ID and Client Secret, see API Roles and Clients.
Note:

These parameters are only displayed when you toggle on the Use Client Credentials option.

  1. HTTP Proxy and HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Jamf Domain.
  2. Tenant Tag (optional) - Specify a tag name to tag all devices fetched from this adapter connection.
  3. Bypass SSO (Only for accounts with SaaS Management capability) (required, default: switched off) - Select it if the newly created user account is allowed to bypass SSO according to the Jamf instance settings.
  4. 2FA Secret Key (Only for accounts with SaaS Management capability) (optional) - If you access Jamf Pro through an SSO solution that requires 2-factor authentication, you will need to generate a secret key in that solution and paste it here. See instructions for performing this action in Okta.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Jamf%20Pro

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Fetch Devices (Cybersecurity Assets Management only) - This adapter fetches devices by default. Clear this option to not fetch devices.
  2. Fetch Users (Pro API only) (default true) (Cybersecurity Assets Management only) - Select this option to fetch users (selected by default, clear if you do not want to fetch users).
  3. Fetch department of users - Select whether to fetch the names of buildings and departments of users for this adapter connection.
  4. Fetch policies (required, default: true) - Select whether to fetch policies associated with devices for this adapter connection. This field is ignored when Use pro API is selected.
  5. Fetch mobile devices (required, default: true) - Select whether to fetch mobile devices in addition to standard devices for this adapter connection.
  6. Fetch Enrollment Devices - Select this option to fetch enrollment devices.
  7. Use pro API - Select to use Jamf Pro API. If cleared, Axonius will use the Classic API.
  8. Async chunks in parallel (required, default: 5) - The number of chunks to fetch in parallel when working with the Classic API.
Note:

The maximum number of async requests on Jamf Pro cloud instances (not on-prem) is 5. Even if a higher value is entered, the value of 5 is used. This is per Jamf official recommendation. Higher values are possible for Jamf Pro on-prem.

  1. Items to not fetch (optional) - Select one or more options to exclude from the fetch.
  2. Enrich software with version info (Cybersecurity Asset Management only) - Select this option to enrich software with the following fields: 'Current version release date', 'Next version release date', 'Newer version count'.
Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

APIs

Axonius supports the Jamf Classic API and Jamf Pro API.

Note:

Note that this adapter supports token-based authentication for JamfPro API access.


Creating a User by Connecting to the Jamf Admin Panel

  1. Log in to the Jamf Pro admin panel and navigate to the Settings panel. Click Jamf Pro User Accounts & Groups.
    image.png
  2. Click New to create a new user and select Create Standard Account > Next.
    image.png
  3. Fill in the details for this account. Make sure to select Custom from the Privilege Set dropdown, and select Full Access from the Access Level dropdown.
    image.png
  4. Navigate to the Privileges tab. Under Jamf Pro Server Objects, select the Read option for each object displayed.
    image.png
  5. Click Save.

Required Permissions

The value supplied in Username and Password must have the following access to devices.

APIWhat forPermissions
ProDevicesRead Computers
ProUsersRead Accounts
ProMobile DevicesRead Mobile Devices
ProDepartments & Buildings InformationRead Buildings
ProDepartments & Buildings InformationRead Departments
ClassicDevicesRead Computers
ClassicMobile  DevicesRead - Mobile Devices
BothEC Actions (when used)Update - Smart Computer Groups

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.