Using alternative Username Formats in Jamf Pro with Okta and Azure AD

Using Jamf Pro, I wanted to to use Okta for authentication, Azure AD as a Directory Data provider, and I wanted the local accounts on the Macs to be the user’s short name or first.last format. You might use different SAML providers for login or a different directory service, but the principles are the same.


Safer Client API interactions in Jamf Pro? (Zapier Example)

In a past post we discussed some alternatives to making Jamf Pro API calls directly from clients because the API credentials might be misused by a malicious user or an attacker who gains access to a user’s device. Here we’ll take a look at implementing some middleware to make the API calls on the devices’Continue reading “Safer Client API interactions in Jamf Pro? (Zapier Example)”

Jailbreak Detection in iOS

Organizations are subject to all kinds of auditable compliance standards and having a clear set of measurable benchmarks is an important basis on which to build an information security program. But we need to recognize that just complying with the “letter of the law” or with a pedantic mindset is missing the forest for theContinue reading “Jailbreak Detection in iOS”

Using an Outbound Proxy with Jamf Pro running on Jamf Cloud

Background Some enterprise networks (and sometimes whole countries, but that’s a topic for another blog…) implement an outbound/client proxy through which all traffic exiting a network must flow. Usually an outbound proxy sits between an enterprise network and the internet, but they could be positioned between subnets, or even intercept every network connection the clientsContinue reading “Using an Outbound Proxy with Jamf Pro running on Jamf Cloud”

Jamf Pro API Script Security

DerFlounder posted Updated script for obtaining, checking and renewing Bearer Tokens for the Classic and Jamf Pro APIs recently. It features some ways to load the credentials needed to run the script. Rich’s examples tend to become the canonical way of doing a thing, and for good reason — they’re clear and he explains thingsContinue reading “Jamf Pro API Script Security”

Device-Specific Parameters for Jamf Pro Script Policies

In Jamf Pro you can add a script under Settings and label the parameters. For a shell script these would be $1..$11. Then when adding the script to a policy, we could tell Jamf to send a value to use when running the script and it would show up in “$4”. ($1..$3 are automatically populatedContinue reading “Device-Specific Parameters for Jamf Pro Script Policies”

Parse Jamf Pro API JSON data in Shell Scripts

Shell scripts are probably not a first choice for API programming, but if it’s what you know, it’s what you know. You can do some pretty cool stuff in bash and save yourself a ton of work. Plus bash is available on every Mac so shell scripts are super portable. Shell programming is good atContinue reading “Parse Jamf Pro API JSON data in Shell Scripts”

ResetCellularPlan MDM action with the Jamf Pro API

Their are a lot of flavors to the different MDM command endpoints. There are lots of things you can do and lots of ways to access them. Many commands can be sent to a device or a list of devices with just a URL, some require that you send some additional data in an HTTPContinue reading “ResetCellularPlan MDM action with the Jamf Pro API”

Managing Brew with Jamf Pro

Background Lot of these developers like to code on a Mac so plenty of Apple admins will have a group of developers to support. Homebrew (or “brew”) is a “package manager” that makes it a lot easier to install and update open-source command line tools on a Mac. It’s the second thing a developer willContinue reading “Managing Brew with Jamf Pro”