- 18 Jan 2024
- 4 Minutes to read
- Updated on 18 Jan 2024
- 4 Minutes to read
Jamf Pro is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.
Offical Jamf recommendation is to limit the number of fetches for the Jamf Pro adapter to one fetch per day, in order to preserve the stability of the Jamf cloud.
Types of Assets Fetched
This adapter fetches the following types of assets:
- SaaS data
About Jamf Pro
Use cases the adapter solves
Jamf Pro is a powerful endpoint management solution that provides a robust inventory of our managed Apple devices in Axonius. Even more importantly, by combining Jamf Pro with network/infrastructure data coming from additional adapters, Axonius can identify unmanaged or even rogue devices on the network.
Data retrieved by Jamf Pro
Axonius collects common device information such as hostname, IPs, MAC address, and serial number. It also collects information unique to Jamf such as device policies, profiles, and groups. The adapter can be configured to collect additional information, such as user data and even mobile devices.
With the Jamf Pro adapter configured, Axonius can add devices to Jamf Pro computer groups directly in the Enforcement Center. Jamf Pro - Add Assets to Computer Group
- Jamf Domain (required) - The hostname of the Jamf Pro server. This field format is 'https://[instance].jamfcloud.com'.
- User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets via the API.
- Use Client Credentials (optional) - Toggle on to authenticate using client credentials.
- Client ID and Client Secret (optional) - When the authentication method is via client credentials, specify the Client ID and Client Secret to be used to authenticate the request. For more information about obtaining a Client ID and Client Secret, see API Roles and Clients.
These parameters are only displayed when you toggle on the Use Client Credentials option.
- HTTP Proxy and HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Jamf Domain.
- Tenant Tag (optional) - Specify a tag name to tag all devices fetched from this adapter connection.
- Bypass SSO (Only for accounts with SaaS Management capability) (required, default: switched off) - Select it if the newly created user account is allowed to bypass SSO according to the Jamf instance settings.
- 2FA Secret Key (Only for accounts with SaaS Management capability) (optional) - If you access Jamf Pro through an SSO solution that requires 2-factor authentication, you will need to generate a secret key in that solution and paste it here. See instructions for performing this action in Okta.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters.
- Fetch Devices (Cybersecurity Assets Management only) - This adapter fetches devices by default. Clear this option to not fetch devices.
- Fetch Users (Pro API only) (default true) (Cybersecurity Assets Management only) - Select this option to fetch users (selected by default, clear if you do not want to fetch users).
- Fetch department of users - Select whether to fetch the names of buildings and departments of users for this adapter connection.
- Fetch policies (required, default: true) - Select whether to fetch policies associated with devices for this adapter connection. This field is ignored when Use pro API is selected.
- Fetch mobile devices (required, default: true) - Select whether to fetch mobile devices in addition to standard devices for this adapter connection.
- Fetch Enrollment Devices - Select this option to fetch enrollment devices.
- Use pro API - Select to use Jamf Pro API. If cleared, Axonius will use the Classic API.
- Async chunks in parallel (required, default: 5) - The number of chunks to fetch in parallel when working with the Classic API.
The maximum number of async requests on Jamf Pro cloud instances (not on-prem) is 5. Even if a higher value is entered, the value of 5 is used. This is per Jamf official recomendation. Higher values are possible for Jamf Pro on-prem.
- Items to not fetch (optional) - Select one or more options to exclude from the fetch.
- Enrich software with version info (Cybersecurity Asset Management only) - Select this option to enrich software with the following fields: 'Current version release date', 'Next version release date', 'Newer version count'.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Note that this adapter supports token-based authentication for JamfPro API access.
Creating a User by Connecting to the Jamf Admin Panel
- Log in to the Jamf Pro admin panel and navigate to the Settings panel. Click Jamf Pro User Accounts & Groups.
- Click New to create a new user and select Create Standard Account > Next.
- Fill in the details for this account. Make sure to select Custom from the Privilege Set dropdown, and select Full Access from the Access Level dropdown.
- Navigate to the Privileges tab. Under Jamf Pro Server Objects, select the Read option for each object displayed.
- Click Save.
The value supplied in Username and Password must have the following access to devices.
|Read Mobile Devices
|Departments & Buildings Information
|Departments & Buildings Information
|Read - Mobile Devices
|EC Actions (when used)
|Update - Smart Computer Groups