# Jamf Pro

### Overview

The Veza integration connects to Jamf Pro to discover Users, Groups, and Sites. Jamf is typically used for deploying and maintaining software, responding to security threats, distributing settings, and analyzing inventory data. Enabling the integration lets you use Veza to visualize, audit, and create rules for users with privileged access to Jamf, and their group and role assignments.

### Prerequisites

* A Jamf Pro instance
* Administrator permissions to create a Jamf API role and API client

#### Create an API Role

To grant privileges to an API client in Jamf Pro, you must first create an API role that defines a set of permissions:

1. In Jamf Pro, click **Settings** in the sidebar.
2. In the **System** section, click **API Roles and Clients**.
3. Open the **API Roles** tab at the top of the pane.
4. Click **New**.
5. Enter a name for the API role.
6. In the Jamf Pro API role privileges field, begin typing the name of a privilege you want to assign, and then select it from the menu. Required privileges for the integration are: `Read User`, `Read Static User Groups`, `Read Smart User Groups`, and `Read Accounts`.
7. Click **Save**.

![Adding an API role in Jamf pro](/files/6ih0K2g5h3VLOkTZqjVz)

#### Create an API Client

Add an API client Veza will use for authentication. Attach the new role to the API client:

1. In Jamf Pro, click **Settings** in the sidebar.
2. In the **System** section, click **API Roles and Clients**.
3. Click the **API Clients** tab at the top of the pane.
4. Click **New**.
5. Enter a display name for the API client.
6. In the **API Roles** field, add the role you created for the Veza integration.
7. Under **Access Token Lifetime**, enter the time in seconds that you want access tokens to be valid for.
8. Click **Save**.
9. Click **Edit**.
10. Click **Enable API Client** to allow the client to be used to generate a client secret.
11. Click **Save**.

#### Generate Client Secret

Create a secret for authenticating the API client:

1. In Jamf Pro, open the API client to generate an access token.
2. Click **Generate Client Secret**. A confirmation dialog appears.
3. Click **Create Secret**. A pop-up window appears with the client secret. Copy this value.

**Note:** The client secret will only appear once. Save it to a secure location before dismissing the dialog.

Veza will use the client secret to generate an access token. See [API Authentication](https://developer.jamf.com/jamf-pro/docs/getting-started-2) for more details.

**Note:** Rate limiting is not supported. See [Jamf Pro API Scalability Best Practices](https://developer.jamf.com/developer-guide/docs/jamf-pro-api-scalability-best-practices#rate-limiting) for more details.

### Add Jamf Integration to Veza

To enable Veza to gather data from the Jamf Pro platform:

1. Browse to your Veza instance.
2. On the navigation bar, click **Integrations**, then click **Add Integration**.
3. Find **Jamf Pro** and click **Next**.
4. Enter the required values, then click **Create Integration**:
   * **Company Name**: Name of the Company. This is the same as the name in your Jamf URL (i.e., `https://<yourCompany>.jamfcloud.com/`).
   * **Client Id**: OAuth Integration Client ID.
   * **Client Secret**: OAuth Integration Client Secret.
   * **URL** (Optional): URL to use instead of `https://<yourCompany>.jamfcloud.com/`.

### Notes and Supported Entities

The integration uses the Custom Application template to model graph entities:

* Company Name > Application
* User > Local User
* Groups > Local Group
* Site > Resource
* Privilege Set > Local Role
* Privileges > Permission

| **Entity**   | **Property**            | **Description**                                       |
| ------------ | ----------------------- | ----------------------------------------------------- |
| **User**     | `id`                    | Unique ID of the user.                                |
|              | `name`                  | Name of the user.                                     |
|              | `full_name`             | Full name of the user.                                |
|              | `is_active`             | Whether the user is enabled or disabled.              |
|              | `access_level` (Custom) | Access level: Full Access, Site Access, Group Access. |
| **Group**    | `id`                    | Unique ID of the group.                               |
|              | `name`                  | Name of the group.                                    |
|              | `access_level` (Custom) | Access level: Full Access, Site Access, Group Access. |
| **Resource** | `id`                    | Unique ID of the Site.                                |
|              | `name`                  | Name of the Site.                                     |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/jamf.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.