Jamf Pro

Integration Setup

For the app to function correctly, integration with Jamf Pro is required. You can sign in to Jamf Pro in two ways:

1. During the onboarding process.

2. By navigating to Settings -> Accounts -> Jamf Pro.

Requirements

To sign in, you will need to provide your Jamf Pro instance server details and login credentials. Please note that Jamf Pro does not currently offer an SDK to enable SSO sign-ins, so you will need to sign in directly with a Jamf Pro Standard username and password. LDAP credentials can also be used.

While it is possible to sign in with a full administrator account, we recommend creating a dedicated group for iQ with a limited set of permissions. Below are the requirements for different levels of access:

Requirements for Read-Only Access:

Jamf Pro Server Objects:

• Advanced Computer Searches - Read

• Computers - Read

• Mobile Devices - Read

• Users - Read

Requirements for Full App Functionality:

Jamf Pro Server Objects:

• Advanced Computer Searches - Read

• Computers - Create, Read, Update

• Managed Software Updates - Create, Read

• Mobile Devices - Create, Read, Update

• Users - Read, Update

• Patch Management Software Titles - Read

Jamf Pro Server Actions:

(These actions can be modified to suit your needs if you want to limit the available commands)

• Flush MDM Commands

• Send Computer Bluetooth Command

• Send Computer Delete User Account Command

• Send Computer Remote Desktop Command

• Send Computer Remote Command to Download and Install macOS Update

• Send Computer Remote Lock Command

• Send Computer Remote Wipe Command

• Send Computer Unlock User Account Command

• Send Computer UnManage Command

• Send Set Recovery Lock Command

• Send Set Timezone Command

• Send Software Update Settings Command

• Send Update Passcode Lock Grace Period Command

• View Activation Lock Bypass Code

• View Disk Encryption Recovery Key

• View Local Admin Password

• View Recovery Lock

• Send Mobile Device Bluetooth Command

• Send Mobile Device Diagnostics and Usage Reporting and App Analytics Commands

• Send Mobile Device Disable Data Roaming Command

• Send Mobile Device Disable Voice Roaming Command

• Send Mobile Device Enable Data Roaming Command

• Send Mobile Device Enable Voice Roaming Command

• Send Mobile Device Lost Mode Command

• Send Mobile Device Managed Settings Command

• Send Mobile Device Mirroring Command

• Send Mobile Device Personal Hotspot Command

• Send Mobile Device Refresh Cellular Plans Command

• Send Mobile Device Remote Command to Download and Install iOS Update

• Send Mobile Device Remote Lock Command

• Send Mobile Device Remote Wipe Command

• Send Mobile Device Remove Passcode Command

• Send Mobile Device Remove Restrictions Password Command

• Send Mobile Device Restart Device Command

• Send Mobile Device Set Activation Lock Command

• Send Mobile Device Set Device Name Command

• Send Mobile Device Set Wallpaper Command

• Send Mobile Device Shared Device Configuration Commands

• Send Mobile Device Shared iPad Commands

• Send Mobile Device Shut Down Command

• Send Mobile Device Software Update Recommendation Cadence Command

For detailed instructions on setting up these permissions and integrating Jamf Pro with iQ, please refer to the Jamf Pro Documentation here: Jamf Pro Users and Groups Documentation