Ctrlk
Help centerAPI referenceChangelogWebsiteLoginBook a demo

Jamf

Connect Jamf Pro to Siit to sync your Apple device fleet. Jamf is the most common choice for teams standardized on Apple. Siit's integration covers Jamf Pro.

Live device inventory, ownership mapping, and one-click Lock, Wipe, or Open in Jamf actions, from the side panel or any workflow, with full audit trail.

What you get

  • Live device inventory — every Jamf-managed Apple device appears in Siit with model, OS version, serial number, asset tag, and last check-in.

  • Ownership mapping — Jamf's assigned user populates the Siit Equipment owner, so devices are attached to the right person on every request.

  • One-click actions from any request — Lock, Wipe, and Open in Jamf Pro, directly from the request side panel.

  • Audit trail — every action triggered from Siit is logged on the request timeline, with the Jamf command ID for traceability.

What syncs from Jamf

Fields

Device name, serial number, UDID, Jamf ID, asset tag

Model, model identifier (e.g., MacBookPro18,2), processor, memory, storage

OS (macOS / iOS / iPadOS), OS version, build, supervised / unsupervised status

Assigned user (email), assignment date

Enrollment state, management state, last check-in time, last inventory update

FileVault status (Mac), MDM profile installed, jailbreak / root detection (iOS)

Devices are matched to Siit People using the assigned user's work email.

Actions available

Available from the request side panel on any device:

  • Lock device — sends a remote lock MDM command.

  • Wipe device — sends a remote wipe MDM command (irreversible).

  • Open in Jamf profile — deep-links to the full device record in your Jamf console.

Heads up — Wipe is irreversible and immediate. Confirm the device, requester, and context carefully before running it.

Before you connect

  • You'll need a Jamf Pro admin account with permission to create an API role and API client (Jamf Pro 10.49+), or a standard account with API access if you're on an earlier version.

  • Decide on the scope: Siit can sync all devices, or only a subset (by Jamf site, smart group, or device type).

  • Make sure your Jamf users have a valid work email on their user record — this is how Siit matches devices to people.

The steps below give you the full flow. For screenshots and the detailed walkthrough, see our Help Center guide: Jamf integration setup.

Connect Jamf

  1. In Jamf Pro, create an API Role named "Siit integration" with the following privileges (read-only except where noted):

    • Computers — Read

    • Mobile Devices — Read

    • Users — Read

    • Sites — Read (if you use Jamf sites)

    • Send Computer Remote Lock Command — Update (required for Lock action)

    • Send Computer Remote Wipe Command — Update (required for Wipe action)

    • Send Mobile Device Remote Lock Command — Update

    • Send Mobile Device Remote Wipe Command — Update

  2. Create an API Client attached to that role. Copy the Client ID and Client Secret — the secret is shown once.

  3. In Siit, go to Settings → Integrations.

  4. Find Jamf in the MDM section and click Connect.

  5. Enter:

    • Your Jamf Pro URL (e.g., https://yourcompany.jamfcloud.com)

    • Client ID

    • Client Secret

  6. Click Authorize. Siit verifies the connection and runs an initial device import.

  7. Review the imported devices and click Finish setup.

Tip — Start with the read-only privileges, verify the sync looks right, then add the Lock and Wipe privileges before enabling those actions for agents.

After the connection

  • Check your Equipment inventory — go to Resources → Equipment in Siit and confirm the device count matches your active Jamf inventory.

  • Scope the sync — in Settings → Integrations → Jamf, narrow the import to specific sites or smart groups if you only want part of the fleet in Siit.

  • Map device types — confirm Jamf computers are mapped to Siit's "Computer" type, mobile devices to "Smartphone" / "Tablet" as appropriate.

  • Try an action — open any request, and from the Devices section in the side panel, run Open in Jamf Pro to confirm the deep link works.

Sync frequency

Jamf device data refreshes automatically every few hours. Trigger an immediate refresh from Settings → Integrations → Jamf → Sync now. Actions (Lock, Wipe) execute on demand, immediately.

Common scenarios

  • Lost laptop. An employee reports their MacBook missing in Slack. The agent opens the request, sees the device in the side panel (pulled from Jamf), and locks it with one click.

  • Offboarding. On an employee's end date, an agent escalates to a specialist who wipes the returned MacBook directly from the request side panel, then confirms the wipe completed in Jamf Pro.

  • Hardware troubleshooting. An employee reports a slow machine. The agent sees the model, OS version, and last check-in directly on the ticket — enough context to know whether it's a software or hardware issue before replying.

Troubleshooting

"Invalid credentials" on connect. The Client Secret is wrong or has been regenerated. Create a fresh API Client in Jamf and update Siit.

Devices missing from Siit. Check whether they're scoped out. In Settings → Integrations → Jamf, review the site / smart group filter. Also confirm the devices are enrolled and checking in to Jamf.

Owner field is empty. The device has no assigned user in Jamf, or the user's email doesn't match a Siit person. Assign a user in Jamf and confirm the email matches.

Lock / Wipe action fails. The API role is missing the corresponding "Send ... Command" privilege. Add it in Jamf Pro and retry.

Open in Jamf Pro returns 403. The admin opening the link doesn't have access to that device record in Jamf. Check Jamf site permissions.

Recent action not showing. MDM commands can take a minute to reach the device (especially if it's asleep or off-network). Check the Jamf console for the command's status — Pending, Acknowledged, or Completed.

PreviousMDMNextIntune

Last updated