How can we help?

Kandji Integration

Uri Hershkovitz
Uri Hershkovitz
  • Updated

Set up the Kandji integration and get all the insights in Torii's dashboard

Overview

Torii integrates with Kandji and syncs:

User Fields License Types
Users Mac
Licenses IPhone
Status in app IPad
 

AppleTV

Torii supports multiple Kandji accounts.

Additionally, Kandji discovers all installed apps on your company's devices as well as which users have these apps installed.

You will also be able to take and automate the following actions:

  • Lock Kandji user's devices
  • Erase Kandji user's devices
  • Delete Kandji user's devices

 

Please note: we only display information on devices that are attributed to users.

You can constantly be updated with application information from our Integrations Page >> Integration Capabilities button >> Integration Capabilities table

Requirements

Accounts & permissions

  • Make sure you have a Kandji Account and an admin user with access to users and applications.

Scopes

  • Torii requests the minimum required scopes to support syncing all required data.
  • Torii requires the following scopes to connect to get full user & license data from the integration:
    • Applications - “GET /api/v1/prism/apps”
    • Device list - “GET /api/v1/devices”
  • To run actions in Kandji via Torii, additional permissions are required:
    • "Read and take action" permissions when connecting the integration. 
    • Lock Kandji user's devices -
      • "POST /api/v1/devices/{device_id}/action/lock"
      • "GET /api/v1/devices/{device_id}/secrets/unlockpin"
    • Erase Kandji user's devices -
      • "POST /api/v1/devices/{device_id}/action/erase"
      • "GET /api/v1/devices/{device_id}/secrets/unlockpin"
    • Delete Kandji user's devices - "DELETE /api/v1/devices/{device_id}"

Connect the Kandji Integration

  1. Generate an API token in Kandji. To do so, log in to Kandji, and them go to Settings > Access
    Screenshot 2024-04-16 at 16.16.55.png
  2. Scroll down to API Token and click Add API Token to create a new API key.
  3. Enter Torii as the name, and a brief description.
    Screenshot 2024-04-16 at 16.17.43.png
  4. Click Create:
    Screenshot 2024-04-16 at 16.18.34.png
  5. Take a copy of the token and click Next.
    Screenshot 2024-04-16 at 16.18.59.png
  6. Click Configure to set the permissions.
    The token needs the following endpoint permissions enabled:
    1. Applications - “/api/v1/prism/apps”
    2. Device list - “/api/v1/devices”
      Screenshot 2024-05-01 at 15.58.06.png
  7. When you are done, click Save
    Screenshot 2024-04-16 at 16.24.43.png
  8. You will then be shown your API URL which you will also need to enter into Torii:
    Screenshot 2024-04-16 at 16.25.05.png
  9. Now, connect the Kandji integration in Torii using the API URL and API token you've generated. Go to the Integrations page and click on the "Kandji" tile
    Screenshot 2024-05-01 at 15.51.54.png
  10. Connect to Kandji.
  11. In the integration connection popup, enter the API URL and API token, and click Connect.
    Screenshot 2024-05-01 at 15.52.16.png
  12. Once the integration is connected and synced, it will display a green checkbox.
    Screenshot 2024-05-01 at 15.54.47.png

 

Q&A

Q: Are there any desktop apps that Torii does not discover that can be found in Kandji? 

A: Torii will discover all desktop apps as reported by Kandji with the exception of:

  • Apps that include the word "helper"
  • Apps that include the word "updater"

 

Q: Why is Torii presenting more apps discovered via Kandji than I am seeing in Kandji UI

A: The Kandji web interface shows only apps in the /applications and /system/applications folders - which is where apps are usually installed in MacOS. However, an application can be run from anywhere: if you download a .app you may save it anywhere and it will usually run. It is even possible that there are apps running that will not appear in the users' Launchpad (usually if they are not in the directories listed above).

Via the Kandji integration, Torii can provide information on apps such as described above, which do not normally appear in the Kandji interface. We believe that knowing about these apps can be helpful to discover Shadow IT or unwanted apps installed and running in your organization's computers. Torii provides you this additional insight and provides you this enhanced discovery to make sure you are in full control. 

 

Q: I've run the "Lock Kandji user's devices" action. Where can I find the PIN to unlock the user's devices?
A: After locking or erasing, the PIN number will be available in the workflow action details.

 

Q: What happens if I run the Kandji actions but the device is offline at the time they ran?
A: If a device doesn't have an internet connection, the erase and lock actions will be executed once the connection is re-established. The delete action does not require an internet connection to run, but the Kandji application will only be removed from the device once it has an internet connection. 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request