
Jamf Pro
Endpoint Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Jamf Pro connector integrates with Jamf Pro, an Apple device management (MDM) platform. It synchronizes managed device inventory and the people and software associated with those devices from the Jamf Pro API into the Brinqa Unified Data Model (UDM). The connector pulls computers (macOS hosts), mobile devices, the users assigned to computers, the catalog of installed applications (software), and the per-device installed-software relationships.
Data retrieved from Jamf Pro
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Computer | Yes | Host |
| Mobile Device | Yes | Device |
| Person | Yes | Person |
| Software | Yes | Package |
| Installed Software | Yes | Installed Package |
Model relationships
For detailed steps on how to view the data retrieved from Jamf Pro in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Jamf Pro from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | No | — | Jamf pro server URL |
| Username | No | — | Jamf pro account username |
| Password | No | — | Jamf pro account password |
| Page size | No | — | Maximum number of records to get per API request |
| Parallel requests | No | — | Maximum number of parallel API requests |
| SSL / TLS | No | — | Skip certificate verification |
Authentication
The connector uses Bearer token authentication. It first exchanges the configured Jamf Pro username and password (sent as HTTP Basic credentials) for a short-lived bearer token, then attaches that token to every subsequent API request. The token is cached in memory and automatically refreshed when it is within 5 seconds of its expiry.
Token Endpoint
| Method | URL |
|---|---|
| POST | {url}/api/v1/auth/token |
Request Headers (token request)
| Header | Value |
|---|---|
| Authorization | Basic base64(username:password) |
Request Body (token request)
No request body is sent; credentials are supplied via the Authorization: Basic header.
Sample Response
{
"token": "eyJhbGciOiJIUzI1NiJ9.eyJ...",
"expires": "2026-06-10T18:30:00.000Z"
}
Response Fields
| Field | Type | Description |
|---|---|---|
| token | string | Bearer token used to authorize subsequent API calls. |
| expires | instant | Expiration timestamp of the token. The connector refreshes the token when it is within 5 seconds of this time. |
Using the Token
On every data request the connector sets the following header using the cached token:
| Header | Value |
|---|---|
| Authorization | Bearer {token} |
Sync Behavior
Each sync is a full sync. Although a since (Instant) value is derived from the incremental sync token, the connector does not apply it as a request filter — every run re-fetches the complete set of records for each enabled model. Records are retrieved in pages via the page-size and page query parameters, and the derived Person, Software, and Installed Software models are extracted and deduplicated from the full computer inventory on each run.
How to obtain Jamf Pro credentials
Create a Jamf user
The Jamf user must have read access to computers and mobile devices in order to retrieve data. To ensure the user account that the Jamf connector uses to access the Jamf Pro server has the appropriate permissions, follow these steps:
-
Log in to your organization's Jamf Pro server as an administrator.
-
Navigate to Management Settings > System > User accounts & groups.
-
Click New.
-
Select Create Standard Account and click Next.
-
Give the new user a user name.
-
For the Privilege Set, select Custom.
-
Under Access Status, select Enabled.
-
Enter the user details, including full name, email address, and password.
-
Click the Privileges tab.
-
Under Jamf Pro Server Objects, locate Computers and Mobile Devices, and select Read for both objects.
-
Click Save.
Note: The above steps describe the minimum requirements for the Jamf connector to work properly. For additional information on Jamf access and privileges, see Jamf Product Documentation on user account and groups.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Computer
| Source Field Name | SDM Attribute |
|---|---|
ComputerResource.id | JAMF_ID |
ComputerResource.udid | UDID |
ComputerResource.uid | UID |
ComputerResource.uid | NAME |
configurationProfiles.displayName | PROFILES |
| constant active | STATUS |
| constants Host, Computer | CATEGORIES |
general.assetTag | ASSET_TAG |
general.declarativeDeviceManagementEnabled | DECLARATIVE_DEVICE_MANAGEMENT_ENABLED |
general.enrolledViaAutomatedDeviceEnrollment | ENROLLED_VIA_AUTOMATED_DEVICE_ENROLLMENT |
general.enrollmentMethod.objectType | ENROLLMENT_METHOD |
general.extensionAttributes | EXTENSION_ATTRIBUTES |
general.firstSeen | FIRST_SEEN |
general.itunesStoreAccountActive | ITUNES_STORE_ACCOUNT_ACTIVE |
general.jamfBinaryVersion | JAMF_BINARY_VERSION |
general.lastContactTime | LAST_SEEN |
general.lastEnrolledDate | LAST_ENROLLED |
general.lastReportedIp | IP_ADDRESSES |
general.lastReportedIp (when private) | PRIVATE_IP_ADDRESSES |
general.lastReportedIp (when public) | PUBLIC_IP_ADDRESS |
general.lastReportedIp (when public) | PUBLIC_IP_ADDRESSES |
general.mdmCapable.capable | MDM_CAPABLE |
general.mdmCapable.capableUsers | MDM_CAPABLE_USERS |
general.mdmProfileExpiration | MDM_PROFILE_EXPIRATION_DATE |
general.name (normalized) | HOSTNAME |
general.name (normalized) | HOSTNAMES |
general.remoteManagement.managed / managementUsername | MANAGED |
general.reportDate | LAST_REPORTED |
general.site.name | SITE |
general.supervised | SUPERVISED |
general.userApprovedMdm | USER_APPROVED_MDM |
hardware.macAddress, hardware.altMacAddress (normalized) | MAC_ADDRESSES |
hardware.make | MAKE |
hardware.model | MODEL |
hardware.model + operatingSystem.displayName | DESCRIPTION |
hardware.modelIdentifier | MODEL_IDENTIFIER |
hardware.serialNumber | SERIAL_NUMBER |
operatingSystem.activeDirectoryStatus | ACTIVE_DIRECTORY_STATUS |
operatingSystem.displayName | OPERATING_SYSTEM |
security.activationLockEnabled | ACTIVATION_LOCK_ENABLED |
security.autoLoginDisabled | AUTO_LOGIN_DISABLED |
security.externalBootLevel | EXTERNAL_BOOT_LEVEL |
security.firewallEnabled | FIREWALL_ENABLED |
security.recoveryLockEnabled | RECOVERY_LOCK_ENABLED |
security.secureBootLevel | SECURE_BOOT_LEVEL |
security.sipStatus | SYSTEM_INTEGRITY_PROTECTION |
userAndLocation.email | OWNER_EMAIL |
userAndLocation.room | ROOM |
userAndLocation.username | OWNER |
Mobile Device
| Source Field Name | SDM Attribute |
|---|---|
| constant active | STATUS |
| constants Device, Mobile | CATEGORIES |
MobileDeviceResource.id | JAMF_ID |
MobileDeviceResource.model | MODEL |
MobileDeviceResource.modelIdentifier | MODEL_IDENTIFIER |
MobileDeviceResource.phoneNumber | PHONE_NUMBER |
MobileDeviceResource.serialNumber | SERIAL_NUMBER |
MobileDeviceResource.udid | UDID |
MobileDeviceResource.uid | UID |
MobileDeviceResource.uid | NAME |
MobileDeviceResource.username | OWNER |
MobileDeviceResource.wifiMacAddress (normalized) | MAC_ADDRESSES |
| model / modelIdentifier / name / type | DESCRIPTION |
sync time (Instant.now()) | LAST_CAPTURED |
Person
| Source Field Name | SDM Attribute |
|---|---|
| constants Person, Identity | CATEGORIES |
userAndLocation.email | |
userAndLocation.realName | NAME (display) |
userAndLocation.username | UID |
userAndLocation.username | NAME |
userAndLocation.username | USERNAME |
Software
| Source Field Name | SDM Attribute |
|---|---|
application.bundleId | BUNDLE_ID |
application.externalVersionId | EXTERNAL_VERSION_ID |
application.macAppStore | MAC_APP_STORE |
application.name | NAME |
application.sizeMegabytes | SIZE_IN_MB |
application.updateAvailable | UPDATE_AVAILABLE |
application.version | REVISION |
generated CPE URI (falls back to application.id) | UID |
Installed Software
| Source Field Name | SDM Attribute |
|---|---|
application.path | INSTALL_PATH |
computer.uid | TARGETS |
computer.uid + _ + software UID | UID |
generated software UID (CPE URI) | TYPE |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Computer
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Computer on every run and applies no incremental date filter.
API
- Type: REST endpoint · Endpoint:
GET {url}/api/v1/computers-inventory - Default filters: inventory sections
APPLICATIONS,CONFIGURATION_PROFILES,GENERAL,GROUP_MEMBERSHIPS,HARDWARE,LICENSED_SOFTWARE,OPERATING_SYSTEM,SECURITY,USER_AND_LOCATION
Mobile Device
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Mobile Device on every run and applies no incremental date filter.
API
- Type: REST endpoint · Endpoint:
GET {url}/api/v2/mobile-devices
Person
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Person on every run and applies no incremental date filter.
API
- Type: REST endpoint · Endpoint:
GET {url}/api/v1/computers-inventory - Default filters: inventory sections
APPLICATIONS,CONFIGURATION_PROFILES,GENERAL,GROUP_MEMBERSHIPS,HARDWARE,LICENSED_SOFTWARE,OPERATING_SYSTEM,SECURITY,USER_AND_LOCATION
Software
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Software on every run and applies no incremental date filter.
API
- Type: REST endpoint · Endpoint:
GET {url}/api/v1/computers-inventory - Default filters: inventory sections
APPLICATIONS,CONFIGURATION_PROFILES,GENERAL,GROUP_MEMBERSHIPS,HARDWARE,LICENSED_SOFTWARE,OPERATING_SYSTEM,SECURITY,USER_AND_LOCATION
Installed Software
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Installed Software on every run and applies no incremental date filter.
API
- Type: REST endpoint · Endpoint:
GET {url}/api/v1/computers-inventory - Default filters: inventory sections
APPLICATIONS,CONFIGURATION_PROFILES,GENERAL,GROUP_MEMBERSHIPS,HARDWARE,LICENSED_SOFTWARE,OPERATING_SYSTEM,SECURITY,USER_AND_LOCATION
Changelog
The Jamf Pro connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.9 | New Features - Added automatic lifecycle management for Computers and Mobile Devices. Records that have not been seen for more than 30 days are now retired automatically, keeping inventory aligned with the devices Jamf is actively managing. - Mobile Devices now capture a "Last Captured" timestamp recording when each device was last synchronized. | N/A |
| 3.0.8 | Bug Fixes - Resolved an edge case in software name parsing that could produce malformed values for certain application paths, improving the accuracy of Software and Installed Software records. | N/A |
| 3.0.7 | New Features - Computers now include additional context from Jamf: assigned Room, Owner email, applied configuration Profiles, and custom Extension Attributes. | N/A |
| 3.0.6 | Improvements - Several Computer fields that were previously stored as text — including "Enrolled via automated device enrollment", "User approved MDM", and "Activation lock enabled" — are now stored as true/false values, making them easier to filter and report on. - Software and Installed Software records are now mapped to the standard Package and Installed Package models in the Brinqa data model for better cross-connector consistency. Bug Fixes - Hardened software path parsing to prevent errors when applications are installed in unusual locations. | • Computer: The "Enrolled via automated device enrollment", "User approved MDM", and "Activation lock enabled" fields changed from text to true/false values. Re-sync the connector so existing records are repopulated with the new value type. • Software / Installed Software: These models were remapped to the standard Package and Installed Package targets. Purge the affected data and re-sync the connector so records land under the correct model. |
| 3.0.5 | Improvements - Computer hostnames are now normalized to a consistent format, improving correlation of computers with data from other connectors. - Software records now capture the application publisher and no longer use the application name as a consolidation key, producing cleaner, more accurate software inventory. | • Computer: Hostnames are now normalized. Re-sync the connector so existing computers are stored with the normalized hostname values. • Software: The consolidation key no longer includes the application name. Re-sync the connector so software records consolidate under the updated identity. |
| 3.0.4 | New Features - Added a Software model that catalogs the applications discovered across managed computers. - Added an Installed Software model that captures the per-computer relationship between a device and the software installed on it. - Restored synchronization of the Person model representing the users assigned to computers. | N/A |
| 3.0.3 | Improvements - MAC addresses on Computers and Mobile Devices are now normalized to a consistent format, improving correlation of devices with data from other connectors. | • Computer / Mobile Device: MAC addresses are now stored in a normalized format. Re-sync the connector so existing devices are updated with the normalized values. |
| 3.0.2 | Improvements - Updated the connector category metadata. | N/A |
| 3.0.1 | New Features - Greatly expanded the Computer inventory synchronized from Jamf, including detailed hardware, operating system, security posture, enrollment, configuration, and licensed-software information. - Added an Application model cataloging the software discovered on managed computers. Improvements - Rebuilt the connector on the current Brinqa connector framework for improved reliability and richer data coverage. - Updated the connector display name and configuration labels to reference "Jamf Pro". | • Computer / Mobile Device: The unique identifier selection changed (the device UDID is now preferred over the serial number). Purge the existing Computer and Mobile Device data and reconnect/re-sync so records are keyed consistently. |
| 3.0.0 | Overview The Jamf Pro connector integrates with Jamf Pro, an Apple device management platform, to synchronize managed device inventory and the people associated with those devices into Brinqa. Category: Asset Management Models | N/A |