
Jamf Pro API

jessica-lie
Workato employee

[Jan 14, 2021] Gordon Hu from WeGalvanize posted:

Hi Automation pros,


Has anyone used Jamf Pro API? Here is my current challenge:

  1. We have 1 Okta
  2. We have 4 different Active Directories and AD-mastered Okta users
  3. We have PC and Mac users
  4. PCs: either domain joined, or Intune enrolled
  5. Macs: either domain joined, or Jamf Connect enrolled

We’ve automated the password expiry reminder via Slack/Email. But we would like to take it a step further to remind them “how” to change their password, depending on the user/device type. I am sort of stuck on the Jamf part. There doesn’t seem to be a unique identifier that helps me link a Mac local user and an Okta user. The two names have a “similar” naming convention but do not quite match.


An example would be:


A work around would be to

  1. Create an Okta Group (manual)
  2. Add Jamf Connect enrolled user into the group (manual)
  3. Then when we send out the password expiry reminder, we double check that group (automated)

Hope to hear from you if you have better suggestions 😊. Thanks in advance!


4 REPLIES

jessica-lie
Workato employee

[Jan 14, 2021] Gordon Hu from WeGalvanize replied:

Actually, I may have a work around.


Pre-requisite: a place to park the data (e.g., lookup table/box csv file), add all known Jamf Connect enrolled user’s Okta username there manually (1 time).


Recipe Trigger: every 15 minutes

Action:

  1. pull Okta logs for the past 15 minutes
  2. filter the log to extract Jamf Connect app login and the corresponding okta_username
  3. check if these okta_username values exist in the csv file; if not, add them

With this method, new enrolled users will be added to the file automatically. The only manual pain will be in the beginning.
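The three recipe steps above, sketched in Python as an added example that is not part of the original post or any Workato recipe. The page does not say which event type or app label Jamf Connect logins produce, so the filter keys on the Okta System Log target app name, assumed here to be "Jamf Connect"; the sample events and the roster column name are constructed.

```python
import csv
import os

# Constructed Okta System Log events (trimmed to the fields used here).
SAMPLE_EVENTS = [
    {"eventType": "user.authentication.sso", "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "Ana.Diaz@example.com"},
     "target": [{"type": "AppInstance", "displayName": "Jamf Connect"}]},
    {"eventType": "user.authentication.sso", "outcome": {"result": "FAILURE"},
     "actor": {"alternateId": "bob.lee@example.com"},
     "target": [{"type": "AppInstance", "displayName": "Jamf Connect"}]},
    {"eventType": "user.authentication.sso", "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "cy.ng@example.com"},
     "target": [{"type": "AppInstance", "displayName": "Slack"}]},
    {"eventType": "user.session.start", "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "dee.oh@example.com"}, "target": None},
]

def jamf_connect_logins(events, app_label="Jamf Connect"):
    """Return lower-cased usernames with a successful login to app_label."""
    users = set()
    for ev in events:
        if (ev.get("outcome") or {}).get("result") != "SUCCESS":
            continue  # a failed attempt does not show the user is enrolled
        targets = ev.get("target") or []  # target can be null in the log
        if any(t.get("type") == "AppInstance" and t.get("displayName") == app_label
               for t in targets):
            name = (ev.get("actor") or {}).get("alternateId")
            if name:
                users.add(name.strip().lower())  # normalise case before comparing
    return users

def merge_into_roster(path, usernames):
    """Append usernames missing from the CSV roster; return the ones added."""
    known = set()
    if os.path.exists(path):
        with open(path, newline="") as fh:
            known = {row["okta_username"].strip().lower()
                     for row in csv.DictReader(fh)}
    added = sorted(usernames - known)
    write_header = not os.path.exists(path) or os.path.getsize(path) == 0
    with open(path, "a", newline="") as fh:
        writer = csv.writer(fh)
        if write_header:
            writer.writerow(["okta_username"])  # assumed column name
        writer.writerows([u] for u in added)
    return added
```

Running `merge_into_roster(path, jamf_connect_logins(events))` on each 15-minute batch keeps the roster append-only, so a user who shows up in overlapping windows is written once.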

jessica-lie
Workato employee

[Jan 15, 2021] George Kozlov (Director of Engineering Operations at People.ai) replied:

I built the automation that uses Jamf API and Okta API for a bit different task but didn't experience any issues with either Jamf or Okta APIs. I did the trick to use an asset tag in Jamf to keep Okta's user unique Id, which might be a primary email or actual Id, depending on your needs. Then we search for machines in Jamf based on the asset tag.


I assume you can add a custom field in Jamf if you don't like an asset tag for some reason.

jessica-lie
Workato employee

[Jan 16, 2021] Gordon Hu from WeGalvanize replied:

Thanks for the reply. Is the asset tag in Jamf populated automatically? Or do Jamf admins have to manually fill it in?

jessica-lie
Workato employee

[Jan 16, 2021] George Kozlov (Director of Engineering Operations at People.ai) replied:

We populate it manually with each enrollment. I don't see any way to automate it as you never know beforehand which device belongs to whom. Moving forward, I want to implement Jamf Connect, and I assume it will give you a way to associate the device with the logged-in user.