Adding a Jamf Pro Environment
Overview
AppsAnywhere has the ability to link to any Jamf Pro environment in order to deliver managed resources to end users. Once you link AppsAnywhere to a new Jamf Pro environment you will be able to import policies, e-books and mac app store applications that are configured in that environment into AppsAnywhere and make them available to your users through as part of your delivery strategy. In this article, we will discover how to create a new connection to a Jamf Pro environment.
Creating the connection
Log into AppsAnywhere as an admin user
Click on Return to Admin to access the AppsAnywhere admin portal
On the sidebar menu, go to Connectors > Jamf Pro Server
Click on the Add button on the top right of the page
Enter the details of your Jamf Pro environment:
Form Field Name | Explanation | Expected Value | Example |
|---|---|---|---|
Name | A friendly name for the connection | You can call the connection anything you want | My Jamf Pro Environment |
Host | The fully qualified domain name for your Jamf Pro instance | This should be the highest-level DNS name available for your Jamf Pro instance. This can be a cloud instance or a local instance | myorganisation.jamfcloud.com |
Port | The port that your Jamf Pro instance is running on | This usually depends on whether you are using a secure connection or not, but we presume you are by default | 8443 |
Service User | The account that AppsAnywhere will use to authenticate with the Jamf Pro API | The username for the service account you created (see details further down the page) | appsanywhere_service_user |
Service User Password | The password for the service user that AppsAnywhere will use to authenticate with the Jamf Pro API | The secure password that was created for the service account when it was set up in Jamf Pro. | 65b2*TpQX7uJz7Gn4rE2 * please don't use that one.. |
Allow User-Level MDM | Indicates whether users logged into their macOS device with a local user account can still access Jamf Pro resources. This only applies to devices that are not joined to the domain | This option should only be enabled if you fully understand the implications of enabling user-level MDM (see warning below) and you are happy for AppsAnywhere to enable User-Level MDM on your user's devices | Do Not Allow |
Enabling User-Level MDM can impact existing workflows. Use with caution!
For computers with macOS 10.13.2 and later, the workflow AppsAnywhere uses for enabling MDM for local user accounts will reset any previous User Approved MDM Enrollments. If you use UAMDM as a part of any existing ongoing workflows within your organisation, you should evaluate the impact of these changes before enabling this setting in AppsAnywhere.
See the Jamf Knowledgebase for more information.
Test the connection
A separate “Test connection” button is available next to the “Save” button on the form, which can be used to help you determine whether working details have been entered or not. The details in the form will not be saved when this button is used, allowing you to make sure the entered details are correct before committing to anything.
The “Test connection” button next to the “Save” button
More information about this connection test can be found on the Status dashboard page, and in both the Service Account Requirements, and Required Privileges sections on this page right here.
Save the connection
Once you have entered all of the relevant details of the connection, hit the Save button
You will then be sent back to the Viewing Jamf Pro Environments page, where you should see your new connection and the following message:
Service Account Requirements
For AppsAnywhere to interact with your Jamf Pro environment, a service account is required. The credentials for this service account are entered into the details for the Jamf Pro environment, as described above.
For security reasons, we recommend creating a dedicated account to use for this integration, the requirements for which are set out below:
Log into your Jamf Pro environment with an account that has permissions to create new users.
Click on the Settings Cog (
) in the top right corner
Go to Jamf Pro User Accounts & Groups
Click New
Select Create Standard Account and click Next
Choose a Username for the service user (e.g. appsanywhere_service_user)
Set Access Level to Full Access
Set Privilege Set to Custom
Set Access Status to Enabled
Choose your own Display Name for the user (e.g. AppsAnywhere User)
Enter an Email Address for the account (we suggest a group account, so no one person is responsible for the account)
Choose a secure Password for the account (recommended > 20 characters, random characters including numbers and symbols)
Leave Force user to change password at next login unchecked
Click on the Privileges tab at the top
Select the required privileges as shown in the table below
Click Save
Required Privileges
Jamf Pro Server Objects
Server Object | Create | Read | Update | Delete |
|---|---|---|---|---|
Computers | YES | |||
eBooks | YES | |||
Mac App Store Apps | YES | YES | ||
Policies | YES |
That's it!