How can we help?

Search

Jamf Integration

Noga Tubi
Noga Tubi
  • Updated
Torii SMP
Torii Identity
Set up your Jamf integration and get all the insights in Torii's dashboard

Torii integrates with your Jamf Pro account and syncs the list of users, computers, and mobile devices.

Additionally, Jamf discovers all installed apps on your company's devices as well as which users have these apps installed and usage of these installed apps.

Please note: Jamf usage data for desktop apps is updated with a 3 day delay due to limitations of the Jamf API. 

This integration connects to Jamf Pro. Torii does not currently have an integration for Jamf Connect only. 

Users, Computers, and Mobile Devices

The integration lists all users and their assigned devices as licenses. There is one license for Computers and one for Mobile devices.

Each computer and mobile device will be shown as one license, and a user can be assigned to one or more licenses.

Torii will show inactive licenses when users have left the organization or are not using Jamf for a period of time.

Torii syncs last used date from computers only and not from mobile devices

Integration

For the integration, we will create an API role that defines a privilege set.

  • Step 1: Login as an administrator to Jamf
  • Step 2: Go to the Settings page
  • Step 3: In the System section, click API roles and clients
    Untitled (33).png
     
  • Step 4: Click the API Roles tab at the top of the pane
    Untitled (34).png
     
  • Step 5: Click New +
  • Step 6: Enter a display name for the API role
    Untitled (35).png
     
  • Step 7: In the Jamf Pro API role privileges field, apply the following permissions:

Roles required to get Jamf user data:

  • Advanced User Searches (CREATEREADUPDATE)
  • Important: The CREATEREADUPDATE permissions are required in order to efficiently retrieve the list of users from your account. Torii uses Jamf's Advanced User Search feature to get the list of users. Therefore, after the first sync, you will notice an Advanced User Search in your Jamf account named: "Torii Integration - Get all users".
  • Computers (READ)
  • Mobile Devices (READ)
  • Static User Groups (READ)
  • Smart User Groups (READ)
  • Static Computer Groups (READ)
  • Smart Computer Groups (READ)
  • Accounts (READ)
  • Users (READ)

Roles required to get Jamf desktop app, user and usage data:

  • Advanced Computer Searches (CREATEREADUPDATE) - add these to benefit from app & user discovery via Jamf
  • Important: The CREATEREADUPDATE permissions are required in order to efficiently retrieve the list of apps installed on your company's devices, and the users using these apps. Torii uses Jamf's Advanced Computer Search feature to get the list of users. Therefore, after the first sync, you will notice an Advanced Computer Search in your Jamf account named: "Torii Integration - Get all computers applications".

Roles required to run Jamf actions:

  • If you plan to use Torii for automated actions, add the CREATEUPDATE and DELETE permissions to all objects present previously
    • For example, to run the "Delete Jamf user" action, please add the Users (CREATEUPDATE and DELETE) permission.
    • To run the "Lock Jamf computers of user" action, please apply the "Send Computer Remote Lock Command" privilege.

       
  • Step 8: Click Save
  • Step 9: Create an API Client and generate a client secret using the following instructions
    • Note:  The client secret will only be displayed once. Make sure you save it to a secure location before dismissing the dialog.
       
  • Step 10: Go to the Torii Integrations page and click on the Jamf tile in order to connect
  • Step 11: Provide the Jamf Organization URLClient ID and Client Secert

You can always contact our support team for help at support@toriihq.com.


Q&A:

Q: Why do I see disabled Jamf Admins as active in Torii?

A: Jamf API does not expose admins' access status. Thus all Jamf Admins returning from the API will be shown in Torii as active.

 

Q: Why do I get the error "Request timed out" when connecting Jamf integration? 

Screenshot 2023-11-05 at 12.45.49.png
A: Make sure you entered the correct Port. Try to change the port (for example from 8443 to 443) and reconnect the integration. 

 

Q: I don't use an application, but I am listed as an app user for it in Torii - with Jamf being the app user source. Why do I appear there?

A: This means that Jamf discovered this app installed on your device. 

 

Q: Why do I get the error "Invalid Token" when connecting Jamf integration? 

A: Increasing the Access Token lifetime value to 300 seconds can often clear this issue.

 

Q: What does "Last used date" mean in the context of Jamf for a user?
A: The "Last used date" user field represents the latests date any of the user's computers' reported data to Jamf. 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request