JAMF provides enterprise-secure solutions with consumer-simple workflows to manage and secure devices and users.

This guide will walk users through 2 types of authentication:

Basic authentication
OAuth authentication

Basic authentication

First, create JAMF Resources in Tines

You will need to create two resources:

JAMF subdomain
JAMF username

Login to your Tines tenant
Navigate to the team that will be using the API and click "Resource"
Click "+ New Resource"
Input the values for the JAMF resource
1. Name: JAMF subdomain
2. Description: Optional
3. Builder: Your JAMF subdomain
Optional
1. Access: What other teams can also use the resource
Click "Save resource"
In Resources, click "+ New Resource"
Input the values for the JAMF resource
1. Name: JAMF username
2. Description: Optional
3. Builder: Your JAMF username
Optional
1. Access: What other teams can also use the resource
Click "Save resource"

Next, create JAMF Credentials in Tines

You will need to create two credentials:

JAMF password
JAMF token

Login to your Tines account
Select the team using the API and click "Credentials"
Click "+ New Credential" and select "Text"
Input the values for the JAMF credential
1. Name: JAMF password
2. Description: Optional
3. Value: Your JAMF password
Optional
1. Access: What other teams can also use the credential
Click "Save"
In Credentials, click "+ New Credential" and select "HTTP Request"
Input the values for the JAMF credential
1. Name: JAMF token
2. Description: Optional
3. URL: https://<subdomain>.jamfcloud.com/api/v1/auth/token
4. Content type: Form
5. Method: post
6. Payload: None
Remove the "Headers" option
Click on "+ Option", select "Basic auth" and add the JAMF username resource and JAMF password credential you created
Click "Run Options" and click the copy button beside token to copy the path.
Next, paste the path to the token into Location of token from response
Optional
1. Access: What other teams can also use the credential
Click "Save"

For more on creating credentials in Tines, click here.

You can find a selection of JAMF stories in the story library.

Using the resource and the credential in an action

When making requests to JAMF, you will:

use the JAMF subdomain resource in the url:

"url":"https://<<RESOURCE.jamf_subdomain>>.jamfcloud.com/JSSResource/computers"

use the JAMF token credential in a header:

"Authorization": "Bearer <<CREDENTIAL.jamf_token>>"

Putting it all together, here is an example JAMF action you can copy and paste onto your storyboard in Tines:

{"standardLibVersion":"32","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"Get computers","description":"Created from cURL command","options":"{\"url\":\"https://<<RESOURCE.jamf_subdomain>>.jamfcloud.com/JSSResource/computers\",\"method\":\"get\",\"headers\":{\"Authorization\":\"Bearer <<CREDENTIAL.jamf_token>>\"}}","position":{"x":-720,"y":-1275},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":null,"createdFromTemplateGuid":null,"createdFromTemplateVersion":null,"originStoryIdentifier":"cloud:aa47f8215c6f30a0dcdb2a36a9f4168e:d4c15df0f02ba4789095426607003199"}],"links":[],"diagramNotes":[]}

OAuth authentication

First, create a Jamf API role and client

Login to your Jamf tenant, i.e. https://<tenant>.jamfcloud.com
Click the "Settings" icon
Click "API Roles and Clients"
Click the "API Roles" tab and then "+ New"
Name the role, choose the privileges for the role and click "Save"
Click the "API Clients" tab and then "+ New"
Name the client, choose the API role you created, click "Enable API client" and then "Save"
Click "Generate client secret"
Click "Copy client credentials to clipboard" and paste into a text editor, then click "Close"

Lastly, create a Jamf credential in Tines

You will need to create three credentials:

Two Text type: "jamf_client_id" and "jamf_client_secret"
One HTTP request type: "Jamf"

Text type

Navigate to the team that will be using the API and click "Credential"
Click "+ New Credential" and select "Text"
Input the values for the Jamf credential
1. Name: jamf_client_id
2. Description: Optional
3. Value: Client ID you copied earlier
Optional
1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains
2. Access: What other teams can also use the API
Click "Save"
Click "+ New Credential" and select "Text"
Input the values for the Jamf credential
1. Name: jamf_client_secret
2. Description: Optional
3. Value: Client Secret you copied earlier
Optional
1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains
2. Access: What other teams can also use the API
Click "Save"

HTTP request type

Navigate to the team that will be using the API and click "Credentials"
Click "+ New Credential" and select "HTTP Request"
Input the values for the Jamf credential
1. Name: Jamf
2. Description: Optional
3. URL: https://<tenant>.jamfcloud.com/api/oauth/token
4. Content Type: Form
5. Method: post
6. Payload: Copy the below object and paste into the "Plain code" section:
```
{
"client_id":"<<CREDENTIAL.jamf_client_id>>",
"client_secret":"<<CREDENTIAL.jamf_client_secret>>",
"grant_type":"client_credentials"
}
```
7. Click "Run options", navigate to the access_token key and double click on the key
8. Location of token from response: Paste the path to the token in the value pill
Optional
1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains
2. Access: What other teams can also use the API
Click "Save"

Your credential should look like the following:

More on creating credentials in Tines here.

You can also find a selection of Jamf stories in the story library.

Cribl Authentication Guide

ThreatQ Authentication Guide