JAMF - Endpoint Management

Created by David Esposito, Modified on Wed, 25 Sep at 3:20 PM by David Esposito

Method: OAuth Client Credentials

Estimated Time to Complete: 10 minutes

Installer: JAMF Administrator


The API Roles and Clients functionality in Jamf Pro provides a dedicated interface for controlling access to the Jamf Pro API and the Classic API. You can create custom privilege sets as API roles and then assign them as needed, ensuring API clients have only the capabilities their tasks require. A role can be shared between clients, and more than one role can be assigned to a single client, so you can manage and reuse privilege sets in a convenient and granular way.


Creating an API Role

To grant privileges to an API client in Jamf Pro, you must first create an API role that defines a privilege set. One or more of these roles can then be assigned to a client to grant their cumulative privileges.

  1. In Jamf Pro, click "Settings" in the sidebar.

  2. In the "System" section, click "API Roles and Clients".

  3. Click the "API Roles" tab at the top of the pane.

  4. Click "+ New".

  5. Enter a display name for the API role, e.g. Amplifier Security READ_ONLY Role

  6. In the "Jamf Pro API role privileges" field, add the following permissions:

    • Read macOS Configuration Profiles

    • Read Computers

  7. Click "Save"


Creating an API Client

  1. In Jamf Pro, click "Settings" in the sidebar.

  2. In the "System" section, click "API Roles and Clients".

  3. Click the "API Clients" tab at the top of the pane.

  4. Click "New".

  5. Enter a display name for the API client, e.g. Amplifier Security Integration

  6. In the API Roles field, add the roles you just created.

  7. Under Access Token Lifetime, enter 14400 (4 hours).

    • Extended token TTLs are required for ingestion of large amounts of data. If you are concerned about having READ_ONLY tokens with a 4-hour TTL, please reach out to Amplifier to find a solution.

  8. Click "Enable API Client" to allow the client to be used to generate a client secret.

  9. Click "Save".


Generating a Client Secret

  1. In Jamf Pro, navigate to the API client created above.

  2. Click Generate Client Secret.

    • A confirmation dialog appears. Click "Create Secret"

  3. A pop-up window appears with the client secret.

    • Note: The client secret will only be displayed once.

  4. Enter the "Client ID" and "Client Secret" in the form below.


Note: Base URL is the URL that you use to log in. It should include the scheme and domain but not any resource path, e.g. https://amplifier-security.jamfcloud.com
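
Before entering the values in the form, an administrator can check them locally. The following is an added example, not part of the original article or Amplifier's code: it validates the Base URL against the rule in the note above, builds the OAuth client-credentials request, and checks the returned token lifetime against the 14400 seconds set in step 7. It assumes Jamf Pro's `/api/oauth/token` endpoint (not named in this article) and the standard OAuth 2.0 response fields `access_token` and `expires_in`; the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

TOKEN_PATH = "/api/oauth/token"  # assumption: Jamf Pro token endpoint, not named in the article
EXPECTED_TTL = 14400             # Access Token Lifetime from step 7 (4 hours)


def validate_base_url(url):
    """Return the normalized Base URL (scheme + domain only) or raise ValueError."""
    parts = urllib.parse.urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("Base URL must use https so the client secret is encrypted in transit")
    if not parts.hostname:
        raise ValueError("Base URL must include the domain")
    if parts.username or parts.password:
        raise ValueError("Base URL must not embed credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("Base URL must not include a resource path")
    return "https://" + parts.netloc.lower()


def build_token_request(base_url, client_id, client_secret):
    """Build (but do not send) the client-credentials token request."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(
        validate_base_url(base_url) + TOKEN_PATH, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def check_token_response(payload):
    """Return a list of findings for a parsed token response (empty list = OK)."""
    findings = []
    if not payload.get("access_token"):
        findings.append("no access_token returned: client disabled or secret wrong?")
    if payload.get("expires_in", 0) > EXPECTED_TTL:
        findings.append("token lifetime exceeds the configured %d seconds" % EXPECTED_TTL)
    return findings


def fetch_token(base_url, client_id, client_secret):
    """Send the request to your own Jamf Pro instance and return the parsed JSON."""
    req = build_token_request(base_url, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)
```

Pass the result of `fetch_token` to `check_token_response`; read the client secret from a secrets manager or an interactive prompt rather than the command line so it does not land in shell history.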
