Requirements

Jamf Pro permissions required for nDuo iQ features

The permissions below control what nDuo iQ can access and do within your Jamf Pro environment. You can tailor the privilege set to match your organisation's needs - only grant the permissions for features you intend to use.


Requirements for Read-Only Access:

These are the minimum permissions required to sign in and browse your device inventory.

Jamf Pro Server Objects:

  • Computers - Read

  • Mobile Devices - Read

  • Users - Read

Without all three of these permissions, nDuo iQ will not allow sign-in.


Requirements for Full App Functionality:

These permissions can be modified to suit your needs. Only add the permissions for features you want to enable.

Jamf Pro Server Objects:

  • Computers - Read, Update

  • Mobile Devices - Read, Create

  • Users - Read

  • Managed Software Updates - Read, Create

  • Patch Management Software Titles - Read


Jamf Pro Server Actions - Computer Commands:

Add these to allow your team to send management commands to Mac devices.

  • Send Computer Remote Lock Command - Lock a Mac

  • Send Computer Remote Wipe Command - Erase a Mac

  • Send Computer Restart Command - Restart a Mac

  • Send Computer Bluetooth Command - Enable or disable Bluetooth

  • Send Computer Remote Desktop Command - Enable or disable Remote Desktop

  • Send Computer Unmanage Command - Remove the MDM profile from a Mac

  • Send Computer Remote Command to Download and Install OS X Update - Schedule a macOS update

  • Flush MDM Commands - Clear failed or pending MDM commands from the queue

  • View Disk Encryption Recovery Key - View the FileVault recovery key for a Mac

  • View Recovery Lock - View the Recovery Lock password for a Mac

  • View Local Admin Password - View LAPS credentials (Local Administrator Password Solution)


Jamf Pro Server Actions - Mobile Device Commands:

These commands require the "Create Mobile Devices" Server Object permission listed above. This is a Jamf Pro API requirement - without it, no mobile device commands will function.

  • Send Mobile Device Remote Lock Command - Lock an iPhone or iPad

  • Send Mobile Device Remote Wipe Command - Erase an iPhone or iPad

  • Send Mobile Device Restart Device Command - Restart an iPhone or iPad

  • Send Mobile Device Remove Passcode Command - Clear the device passcode

  • Send Mobile Device Bluetooth Command - Enable or disable Bluetooth

  • Send Mobile Device Remote Command to Download and Install iOS Update - Schedule an iOS or iPadOS update

  • Send Inventory Requests to Mobile Devices - Request an inventory update

  • Send Blank Pushes to Mobile Devices - Send a blank push notification

  • Unmanage Mobile Devices - Remove the MDM profile

  • Send Mobile Device Lost Mode Command - Enable or disable Lost Mode on an iPhone or iPad

  • View Mobile Device Lost Mode Location - View the device location while Lost Mode is active


Jamf Pro Server Actions - Device Inventory Editing:

The Update Computers Server Object permission (listed above) enables editing the following fields on a Mac device record:

  • Asset Tag

  • Username

  • Full Name

  • Email Address

  • Phone Number

  • Position

  • Room

  • Building

  • Department
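
Checking a planned privilege set against the dependencies stated on this page (sign-in needs all three Read permissions, mobile device commands need Mobile Devices - Create, inventory editing needs Computers - Update). This is an added example, not code from nDuo iQ or Jamf; the "Object - Action" strings, the function name and the sample role are assumptions made for illustration.

```python
# Added example. Privilege labels are this page's wording; "Object - Action"
# strings are a constructed input format, not Jamf Pro API identifiers.
SIGN_IN = {"Computers - Read", "Mobile Devices - Read", "Users - Read"}
MOBILE_PREREQ = "Mobile Devices - Create"
EDIT_PREREQ = "Computers - Update"

MOBILE_COMMANDS = set("""
Send Mobile Device Remote Lock Command
Send Mobile Device Remote Wipe Command
Send Mobile Device Restart Device Command
Send Mobile Device Remove Passcode Command
Send Mobile Device Bluetooth Command
Send Mobile Device Remote Command to Download and Install iOS Update
Send Inventory Requests to Mobile Devices
Send Blank Pushes to Mobile Devices
Unmanage Mobile Devices
Send Mobile Device Lost Mode Command
View Mobile Device Lost Mode Location
""".strip().splitlines())


def check_privilege_set(granted, edit_inventory=False):
    """Return a list of findings for a planned privilege set (empty = consistent)."""
    granted = set(granted)
    findings = []
    missing = sorted(SIGN_IN - granted)
    if missing:
        findings.append("sign-in blocked; missing " + ", ".join(missing))
    mobile = sorted(granted & MOBILE_COMMANDS)
    if mobile and MOBILE_PREREQ not in granted:
        findings.append(f"{len(mobile)} mobile device command(s) need '{MOBILE_PREREQ}'")
    if edit_inventory and EDIT_PREREQ not in granted:
        findings.append(f"inventory editing needs '{EDIT_PREREQ}'")
    return findings


# Constructed sample: a help-desk role meant to lock lost iPads and edit asset tags.
HELPDESK = [
    "Computers - Read", "Mobile Devices - Read", "Users - Read",
    "Send Mobile Device Remote Lock Command",
    "Send Mobile Device Lost Mode Command",
]

if __name__ == "__main__":
    for finding in check_privilege_set(HELPDESK, edit_inventory=True):
        print("FINDING:", finding)
```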

