Skip to content

Jamf Pro Integration

BastionXP integrates with Jamf APIs to download the devices present in the Jamf's Mobile Devices collection and Computer Inventory.

Before you could connect Jamf Pro to BastionXP, you need to find the base URL of your Jamf instance. The base URL generally looks like the following:

https://[your-org-name].jamfcloud.com

BastionXP supports Client Credentials based authorization for Jamf Pro APIs. To get Client Credentials from Jamf, you need to configure an API Client and API Role with it.

You need to create an API Role with the following previleges:

  • Read Mobile Devices
  • Read Computers

Please refer to the following Jamf Pro guide and documentation page for more information:

https://developer.jamf.com/jamf-pro/docs/client-credentials https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/API_Roles_and_Clients.html

Connect Jamf Pro to BastionXP

Visit the BastionXP UI, click the settings icon in the top right corner. Select Device Management from the dropdown menu.

In the Device Management page, you can add a new MDM connector. Click the + Add MDM Connector button. A dialog window will open up. Select Jamf as the MDM provider. Enter the Jamf Pro instance's base URL and the Client ID and Client Secret provided by it. Click the Add MDM Connector button in the bottom right corner of the dialog window to add the Jamf MDM connector to the registry.

BastionXP will connect and authenticate with the Jamf Pro instance's API server using the Client Credentials, and will start downloading the devices from the Jamf Pro's Mobile Devices and Computer Inventory. The device download happens in batches. So, this may take a few minutes to complete.

Go to the BastionXP UI's Devices tab and you'll start seeing devices being synce'd from Jamf.

Webhook URL

In the Device Management page, you'll see the Jamf MDM connector being listed in the table. Click the link in it (or edit the entry using the kebab menu) to view the details. A card will open up and display all the information you just entered. It will also show a webhook URL and a webhook authentication token (Webhook API Key) that needs to be registered with your Jamf Pro instance for basic authentication.

Jamf will use this webhook URL to notify BastionXP when a new device gets added to the Jamf or when a device is deleted from it. BastionXP will use this information to update its device inventory in its database.

After the initial full download is completed, Jamf will notify BastionXP when devices are added or deleted using the webhook URL. BastionXP will not periodically poll the Jamf APIs for new devices.