# Jamf

<figure><img src="/files/xc8opTP4HD8bNJgpZGCo" alt=""><figcaption></figcaption></figure>

Live device inventory, ownership mapping, and one-click Lock, Wipe, or Open in Jamf actions, from the side panel or any workflow, with full audit trail.

### What you get

* **Live device inventory** — every Jamf-managed Apple device appears in Siit with model, OS version, serial number, asset tag, and last check-in.
* **Ownership mapping** — Jamf's assigned user populates the Siit Equipment owner, so devices are attached to the right person on every request.
* **One-click actions from any request** — Lock, Wipe, and Open in Jamf Pro, directly from the request side panel.
* **Audit trail** — every action triggered from Siit is logged on the request timeline, with the Jamf command ID for traceability.

### What syncs from Jamf

| Fields                                                                          |
| ------------------------------------------------------------------------------- |
| Device name, serial number, UDID, Jamf ID, asset tag                            |
| Model, model identifier (e.g., MacBookPro18,2), processor, memory, storage      |
| OS (macOS / iOS / iPadOS), OS version, build, supervised / unsupervised status  |
| Assigned user (email), assignment date                                          |
| Enrollment state, management state, last check-in time, last inventory update   |
| FileVault status (Mac), MDM profile installed, jailbreak / root detection (iOS) |

Devices are matched to Siit People using the assigned user's work email.

### Actions available

Available from the request side panel on any device:

* **Lock device** — sends a remote lock MDM command.
* **Wipe device** — sends a remote wipe MDM command (irreversible).
* **Open in Jamf profile** — deep-links to the full device record in your Jamf console.

> **Heads up** — Wipe is irreversible and immediate. Confirm the device, requester, and context carefully before running it.

### Before you connect

* You'll need a Jamf Pro admin account with permission to create an API role and API client (Jamf Pro 10.49+), or a standard account with API access if you're on an earlier version.
* Decide on the scope: Siit can sync all devices, or only a subset (by Jamf site, smart group, or device type).
* Make sure your Jamf users have a valid work email on their user record — this is how Siit matches devices to people.

{% hint style="info" %}
The steps below give you the full flow. For screenshots and the detailed walkthrough, see our Help Center guide: [Jamf integration setup](https://help.siit.io/jamf-integration).
{% endhint %}

### Connect Jamf

1. In Jamf Pro, create an **API Role** named "Siit integration" with the following privileges (read-only except where noted):
   * **Computers** — Read
   * **Mobile Devices** — Read
   * **Users** — Read
   * **Sites** — Read (if you use Jamf sites)
   * **Send Computer Remote Lock Command** — Update *(required for Lock action)*
   * **Send Computer Remote Wipe Command** — Update *(required for Wipe action)*
   * **Send Mobile Device Remote Lock Command** — Update
   * **Send Mobile Device Remote Wipe Command** — Update
2. Create an **API Client** attached to that role. Copy the **Client ID** and **Client Secret** — the secret is shown once.
3. In Siit, go to **Settings → Integrations**.
4. Find **Jamf** in the MDM section and click **Connect**.
5. Enter:
   * Your Jamf Pro URL (e.g., `https://yourcompany.jamfcloud.com`)
   * Client ID
   * Client Secret
6. Click **Authorize**. Siit verifies the connection and runs an initial device import.
7. Review the imported devices and click **Finish setup**.

> **Tip** — Start with the read-only privileges, verify the sync looks right, then add the Lock and Wipe privileges before enabling those actions for agents.

### After the connection

* **Check your Equipment inventory** — go to **Resources → Equipment** in Siit and confirm the device count matches your active Jamf inventory.
* **Scope the sync** — in **Settings → Integrations → Jamf**, narrow the import to specific sites or smart groups if you only want part of the fleet in Siit.
* **Map device types** — confirm Jamf computers are mapped to Siit's "Computer" type, mobile devices to "Smartphone" / "Tablet" as appropriate.
* **Try an action** — open any request, and from the Devices section in the side panel, run **Open in Jamf Pro** to confirm the deep link works.

### Sync frequency

Jamf device data refreshes automatically every few hours. Trigger an immediate refresh from **Settings → Integrations → Jamf → Sync now**. Actions (Lock, Wipe) execute on demand, immediately.

### Common scenarios

* **Lost laptop.** An employee reports their MacBook missing in Slack. The agent opens the request, sees the device in the side panel (pulled from Jamf), and locks it with one click.
* **Offboarding.** On an employee's end date, an agent escalates to a specialist who wipes the returned MacBook directly from the request side panel, then confirms the wipe completed in Jamf Pro.
* **Hardware troubleshooting.** An employee reports a slow machine. The agent sees the model, OS version, and last check-in directly on the ticket — enough context to know whether it's a software or hardware issue before replying.

### Troubleshooting

**"Invalid credentials" on connect.** The Client Secret is wrong or has been regenerated. Create a fresh API Client in Jamf and update Siit.

**Devices missing from Siit.** Check whether they're scoped out. In **Settings → Integrations → Jamf**, review the site / smart group filter. Also confirm the devices are enrolled and checking in to Jamf.

**Owner field is empty.** The device has no assigned user in Jamf, or the user's email doesn't match a Siit person. Assign a user in Jamf and confirm the email matches.

**Lock / Wipe action fails.** The API role is missing the corresponding "Send ... Command" privilege. Add it in Jamf Pro and retry.

**Open in Jamf Pro returns 403.** The admin opening the link doesn't have access to that device record in Jamf. Check Jamf site permissions.

**Recent action not showing.** MDM commands can take a minute to reach the device (especially if it's asleep or off-network). Check the Jamf console for the command's status — Pending, Acknowledged, or Completed.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.siit.io/integrations/mdm/jamf.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.