Configuring Jamf Pro as a Provider

Integrating SailPoint Identity Risk with Jamf Pro provides detailed device inventory and security information including:

  • General - Device Name, Serial Number, MAC Address, Managed Status, IP Addresses
  • Hardware - Make, Model, Apple/Intel Silicon
  • Operating System - OS Version, AD Status, Disk Encryption Status
  • Security - Secure Boot Level, Firewall Enabled, System Integrity Protection Status

Prerequisites

To get started, you will need the following:

Jamf Pro provider:

  • An account with administrative privileges that can log on to: https://[companyname].jamfcloud.com/api

Note

Identity Risk supports Jamf Pro environments hosted in Jamf Cloud. If your Jamf Pro environment is not hosted in Jamf Cloud, contact SailPoint to discuss your requirements.

Configuring a New Jamf Provider in Identity Risk

In Identity Risk:

  1. Select Settings, and select Providers.
  2. Select Jamf Pro.
  3. Enter a unique name for your Jamf Pro provider.
  4. Enter the Jamf Pro API URL. This is your Jamf Pro server URL with an /api suffix, in the format:

    https://[companyname].jamfcloud.com/api

    Jamf Pro provider with Jamf API URL

  5. Leave the Configure Providers page open; you will return here to complete the configuration.

In Jamf Pro Dashboard:

To allow Identity Risk to communicate with the Jamf Pro API, a service account with read-only privileges is required.

  1. Select Settings > System > User accounts and groups.
  2. In User accounts and groups, select + New.
  3. Select Create Standard Account as the action.
  4. Select Next.
  5. In New Account, enter the following details:

    • Username - enter the username for this account
    • Privilege Set - set to Custom
    • Access Status - set to Enabled
    • Full Name - enter a full name for the account
    • Password - enter a password for the account

    Note

    Do not select the "Force user to change password at next login" option.

  6. Select the Privileges tab.

  7. In Jamf Pro Server Objects, select READ for the following objects:

    • Computers
    • Mobile Devices

    Note

    Support for Mobile Devices will be added in a future release.

  8. Select Save to complete the configuration of the new account.

  9. Go back to User accounts and groups.
  10. Copy the Jamf Pro service account Username.
  11. In Identity Risk, paste the Username value of the configured service account into Jamf Pro API Username.
  12. Copy the Jamf Pro service account Password.
  13. In Identity Risk, paste the Password of the configured service account into Jamf Pro API Password.
  14. Select Create.
  15. After successful creation of the Jamf Pro provider, you'll be prompted to configure a Webhook required to complete the configuration.
  16. Copy or download the Web Hook URL and Web Hook Authorization Code.

    Caution

    The Webhook configuration details are provided only once. Ensure that you either copy or download them for future reference.

    Jamf Pro Webhook Details
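
A least-privilege check for the service account configured above, as an added example that is not part of the SailPoint or Jamf documentation: it audits an exported account record against the settings this page prescribes. The record's field names and the "Read <Object>" privilege strings are assumptions, and both sample records are constructed.

```python
import json

# Privileges the page grants: READ on Computers and Mobile Devices.
# The "Read <Object>" string form is an assumption; match it to your export.
ALLOWED = {"Read Computers", "Read Mobile Devices"}
REQUIRED = {"Read Computers"}  # Mobile Devices support is a future release per the page
WRITE_VERBS = ("Create", "Update", "Delete")

# Constructed sample records with hypothetical field names (not real Jamf Pro output).
SAMPLE_OK = json.loads("""{"username": "svc-identity-risk", "privilegeSet": "Custom",
  "accessStatus": "Enabled", "forcePasswordChange": false,
  "privileges": ["Read Computers", "Read Mobile Devices"]}""")
SAMPLE_BAD = json.loads("""{"username": "svc-identity-risk", "privilegeSet": "Administrator",
  "accessStatus": "Enabled", "forcePasswordChange": true,
  "privileges": ["Read Computers", "Update Computers", "Read Policies"]}""")


def audit_service_account(account):
    """Return (code, detail) findings; an empty list means the record matches the page."""
    findings = []
    privs = set(account.get("privileges", []))
    if account.get("privilegeSet") != "Custom":
        findings.append(("PRIVILEGE_SET", f"expected Custom, got {account.get('privilegeSet')!r}"))
    if account.get("accessStatus") != "Enabled":
        findings.append(("ACCESS_STATUS", f"expected Enabled, got {account.get('accessStatus')!r}"))
    if account.get("forcePasswordChange"):
        findings.append(("FORCE_PW_CHANGE", "the page says this option must not be selected"))
    # Anything beyond the two READ privileges is excess; write verbs are the worst case.
    for priv in sorted(privs - ALLOWED):
        code = "WRITE_PRIVILEGE" if priv.startswith(WRITE_VERBS) else "EXTRA_PRIVILEGE"
        findings.append((code, priv))
    for priv in sorted(REQUIRED - privs):
        findings.append(("MISSING_PRIVILEGE", priv))
    return findings


if __name__ == "__main__":
    for name, record in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        result = audit_service_account(record)
        print(name, "PASS" if not result else result)
```
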

In Jamf Pro Dashboard:

  1. Select Settings > Global > Webhooks.
  2. In Webhooks select + New.
  3. Enter a Display Name that identifies both Identity Risk and the Webhook event in the name.

    Example: a Webhook for the Computer Checkin event named SailPoint Computer Checkin.

  4. Select Enabled to enable the Webhook.

  5. Paste the Identity Risk provider Web Hook URL configuration into Webhook URL.
  6. In Authentication Type dropdown select Header Authentication.
  7. Paste the Identity Risk provider Web Hook Authorization Code configuration into Header Authentication.
  8. In Content Type select JSON.
  9. In Webhook Event dropdown select the ComputerCheckin event.
  10. Select Save to complete webhook configuration.
  11. Repeat the Webhook steps for the ComputerInventoryCompleted event.

    Note

    The same Webhook URL and Header Authentication are used for all events.

  12. Once the webhook configuration is complete, Jamf Pro will notify Identity Risk when one of the events is triggered. Identity Risk will query the API to ingest the data.

In Identity Risk:

  1. Select Finished. The Jamf Pro provider is created, and you are directed to a success screen, after which you may return to Providers to view the status of your newly created provider.
  2. To test the webhook, trigger a ComputerCheckin event on a device using the command:

    sudo jamf policy

  3. Locate the device in the Identity Map and select the device profile.

  4. Select Attributes to view all existing data and data ingested from Jamf Pro.

Deleting Providers

To remove a Jamf Pro provider from Identity Risk:

  1. In Jamf Pro Dashboard, delete the Identity Risk service account. Once the service account has been deleted, it will no longer be accessible to Identity Risk.
  2. In Identity Risk, select Settings > Providers.
  3. In Enabled Integrations, select Show Details next to Jamf Pro.
  4. Select Delete.
  5. Select Yes to confirm. The provider is deleted.

    Note

    Ingested historical data is still available. No new data is ingested.