Using Jamf Pro, I wanted to use Okta for authentication, Azure AD as a Directory Data provider, and I wanted the local accounts on the Macs to be the user’s short name or first.last format. You might use different SAML providers for login or a different directory service, but the principles are the same.
In a past post we discussed some alternatives to making Jamf Pro API calls directly from clients because the API credentials might be misused by a malicious user or an attacker who gains access to a user’s device. Here we’ll take a look at implementing some middleware to make the API calls on the devices’… Continue reading “Safer Client API interactions in Jamf Pro? (Zapier Example)”
Organizations are subject to all kinds of auditable compliance standards and having a clear set of measurable benchmarks is an important basis on which to build an information security program. But we need to recognize that just complying with the “letter of the law” or with a pedantic mindset is missing the forest for the… Continue reading “Jailbreak Detection in iOS”
Background: Some enterprise networks (and sometimes whole countries, but that’s a topic for another blog…) implement an outbound/client proxy through which all traffic exiting a network must flow. Usually an outbound proxy sits between an enterprise network and the internet, but they could be positioned between subnets, or even intercept every network connection the clients… Continue reading “Using an Outbound Proxy with Jamf Pro running on Jamf Cloud”
Most simple Jamf API scripts you see getting shared around are written in Bash. They don’t have to do anything super complicated, Bash is built into macOS, and it’s easier to learn than most other common scripting languages. That was fine for a long time. A quick curl one-liner could get you all the data… Continue reading “A Jamf Pro API Helper in Bash”
DerFlounder posted “Updated script for obtaining, checking and renewing Bearer Tokens for the Classic and Jamf Pro APIs” recently. It features some ways to load the credentials needed to run the script. Rich’s examples tend to become the canonical way of doing a thing, and for good reason — they’re clear and he explains things… Continue reading “Jamf Pro API Script Security”
In Jamf Pro you can add a script under Settings and label the parameters. For a shell script these would be $1..$11. Then when adding the script to a policy, we could tell Jamf to send a value to use when running the script and it would show up in “$4”. ($1..$3 are automatically populated… Continue reading “Device-Specific Parameters for Jamf Pro Script Policies”
Shell scripts are probably not a first choice for API programming, but if it’s what you know, it’s what you know. You can do some pretty cool stuff in bash and save yourself a ton of work. Plus bash is available on every Mac so shell scripts are super portable. Shell programming is good at… Continue reading “Parse Jamf Pro API JSON data in Shell Scripts”
There are a lot of flavors to the different MDM command endpoints. There are lots of things you can do and lots of ways to access them. Many commands can be sent to a device or a list of devices with just a URL, some require that you send some additional data in an HTTP… Continue reading “ResetCellularPlan MDM action with the Jamf Pro API”
Bottom line — you risk exposing credentials any time… You put them on a user’s device in any form that’s readable by any automation running there. You send them out over a network connection from a client — clients can look at their own network traffic and/or re-direct it anywhere they want.
Use case… we are replacing a computer. We want to add the new computer to the same static groups to which the old computer was assigned.
Background: A lot of these developers like to code on a Mac so plenty of Apple admins will have a group of developers to support. Homebrew (or “brew”) is a “package manager” that makes it a lot easier to install and update open-source command line tools on a Mac. It’s the second thing a developer will… Continue reading “Managing Brew with Jamf Pro”