Jamf Pro
Jamf Pro is a device management tool primarily used in the Apple ecosystem that remotely connects, manages, and protects Apple users, devices and services. You can bring computer, mobile device, person, and software data from Jamf Pro into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Jamf Pro and how to obtain that information from Jamf. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Jamf Pro from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Jamf with Brinqa:
-
Server URL: The Jamf Server URL. The URL format is
https://jamf.[instance].com. -
Username and Password: The username and password associated with the Jamf user, which must have permissions to log in to the API server and return data.
Create a Jamf user
The Jamf user must have read access to computers and mobile devices in order to retrieve data. To ensure the user account that the Jamf connector uses to access the Jamf Pro server has the appropriate permissions, follow these steps:
-
Log in to your organization's Jamf Pro server.
-
Navigate to Management Settings > System > User accounts & groups.
-
Click New.
-
Select Create Standard Account and click Next.
-
Give the new user a user name.
-
For the Privilege Set, select Custom.
-
Under Access Status, select Enabled.
-
Enter the user details, including full name, email address, and password.
-
Click the Privileges tab.
-
Under Jamf Pro Server Objects, locate Computers and Mobile Devices, and select Read for both objects.
-
Click Save.
The above steps describe the minimum requirements for the Jamf connector to work properly. For additional information on Jamf access and privileges, see Jamf Product Documentation on user account and groups.
Additional settings
The Jamf Pro connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 8.
-
Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The Jamf Pro connector can retrieve the following types of data from the Jamf Pro API:
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Computer | Yes | Host |
| Installed Software | Yes | Installed package |
| Mobile Device | Yes | Device |
| Person | Yes | Person |
| Software | Yes | Package |
The Jamf Pro connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Jamf Pro in the Brinqa Platform, see How to view your data.
APIs
The Jamf Pro connector uses the Jamf Pro API. Specifically, it uses the following endpoints:
-
/api/v1/computers-inventory -
/api/v2/mobile-devices -
/api/auth/tokens
Changelog
The Jamf Pro connector has undergone the following changes:
3.0.9
- Added support for Data lifecycle management to the Computer and Mobile Device objects.
3.0.8
- Fixed an issue where the Jamf Pro connector was failing to sync the Software object due to an array out-of-bounds exception.
3.0.7
-
Added the following attributes to the Computer object:
- EXTENSION_ATTRIBUTES
- OWNER_EMAIL
- PROFILES
- ROOM
3.0.6
-
Fixed an issue where certain attributes in the Computer object were parsed as a string rather than a boolean.
-
Fixed an issue where the Installed Software and Software syncs were failing.
3.0.5
- Normalized the NAME attribute in the Computer object.
3.0.4
- Added two connector objects, Software and Installed Software.
3.0.3
- Normalized the MAC_ADDRESS attribute in the Computer object.
3.0.1
- Initial Integration+ release.