Torii integrates with your Jamf Pro account and syncs the list of users, computers, and mobile devices.
Additionally, Jamf discovers all installed apps on your company's devices as well as which users have these apps installed and usage of these installed apps.
Please note: Jamf usage data for desktop apps is updated with a 3 day delay due to limitations of the Jamf API.
This integration connects to Jamf Pro. Torii does not currently have an integration for Jamf Connect only.
Users, Computers, and Mobile Devices
The integration lists all users and their assigned devices as licenses. There is one license for Computers and one for Mobile devices.
Each computer and mobile device will be shown as one license, and a user can be assigned to one or more licenses.
Torii will show inactive licenses when users have left the organization or are not using Jamf for a period of time.
Torii syncs last used date from computers only and not from mobile devices
Integration
For the integration, we will create an API role that defines a privilege set.
- Step 1: Login as an administrator to Jamf
- Step 2: Go to the Settings page
-
Step 3: In the System section, click API roles and clients
-
Step 4: Click the API Roles tab at the top of the pane
- Step 5: Click New +
- Step 6: Enter a display name for the API role
-
Step 7: In the Jamf Pro API role privileges field, apply the following permissions:
Roles required to get Jamf user data:
- Advanced User Searches (
CREATE
,READ
,UPDATE
) -
Important: The
CREATE
,READ
,UPDATE
permissions are required in order to efficiently retrieve the list of users from your account. Torii uses Jamf'sAdvanced User Search
feature to get the list of users. Therefore, after the first sync, you will notice an Advanced User Search in your Jamf account named: "Torii Integration - Get all users". - Computers (
READ
) - Mobile Devices (
READ
) - Static User Groups (
READ
) - Smart User Groups (
READ
) - Accounts (
READ
) - Users (
READ
)
Roles required to get Jamf desktop app, user and usage data:
- Advanced Computer Searches (
CREATE
,READ
,UPDATE
) - add these to benefit from app & user discovery via Jamf -
Important: The
CREATE
,READ
,UPDATE
permissions are required in order to efficiently retrieve the list of apps installed on your company's devices, and the users using these apps. Torii uses Jamf'sAdvanced Computer Search
feature to get the list of users. Therefore, after the first sync, you will notice an Advanced Computer Search in your Jamf account named: "Torii Integration - Get all computers applications".
Roles required to run Jamf actions:
-
If you plan to use Torii for automated actions, add the
CREATE
,UPDATE
andDELETE
permissions to all objects present previously-
For example, to run the "Delete Jamf user" action, please add the Users (
CREATE
,UPDATE
andDELETE
) permission. -
To run the "Lock Jamf computers of user" action, please apply the "Send Computer Remote Lock Command" privilege.
-
-
Step 8: Click Save
-
Step 9: Create an API Client and generate a client secret using the following instructions
-
Note: The client secret will only be displayed once. Make sure you save it to a secure location before dismissing the dialog.
-
-
Step 10: Go to the Torii Integrations page and click on the Jamf tile in order to connect
-
Step 11: Provide the
Jamf Organization URL
,Client ID
andClient Secert
You can always contact our support team for help at support@toriihq.com.
Q&A:
Q: Why do I see disabled Jamf Admins as active in Torii?
A: Jamf API does not expose admins' access status. Thus all Jamf Admins returning from the API will be shown in Torii as active.
Q: Why do I get the error "Request timed out" when connecting Jamf integration?
A: Make sure you entered the correct Port. Try to change the port (for example from 8443 to 443) and reconnect the integration.
Q: I don't use an application, but I am listed as an app user for it in Torii - with Jamf being the app user source. Why do I appear there?
A: This means that Jamf discovered this app installed on your device.
Q: Why do I get the error "Invalid Token" when connecting Jamf integration?
A: Increasing the Access Token lifetime value to 300 seconds can often clear this issue.
Q: What does "Last used date" mean in the context of Jamf for a user?
A: The "Last used date" user field represents the latests date any of the user's computers' reported data to Jamf.