JAMF Authentication Guide

How to authenticate JAMF for use with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over a week ago

JAMF provides enterprise-secure solutions with consumer-simple workflows to manage and secure devices and users.

This guide will walk users through 2 types of authentication:

Basic authentication

First, create JAMF Resources in Tines

You will need to create two resources:

  • JAMF subdomain

  • JAMF username

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Resource"

  3. Click "+ New Resource"

  4. Input the values for the JAMF resource

    1. Name: JAMF subdomain

    2. Description: Optional

    3. Builder: Your JAMF subdomain

  5. Optional

    1. Access: What other teams can also use the resource

  6. Click "Save resource"

  7. In Resources, click "+ New Resource"

  8. Input the values for the JAMF resource

    1. Name: JAMF username

    2. Description: Optional

    3. Builder: Your JAMF username

  9. Optional

    1. Access: What other teams can also use the resource

  10. Click "Save resource"

Next, create JAMF Credentials in Tines

You will need to create two credentials:

  • JAMF password

  • JAMF token

  1. Login to your Tines account

  2. Select the team using the API and click "Credentials"

  3. Click "+ New Credential" and select "Text"

  4. Input the values for the JAMF credential

    1. Name: JAMF password

    2. Description: Optional

    3. Value: Your JAMF password

  5. Optional

    1. Access: What other teams can also use the credential

  6. Click "Save"

  7. In Credentials, click "+ New Credential" and select "HTTP Request"

  8. Input the values for the JAMF credential

    1. Name: JAMF token

    2. Description: Optional

    3. URL: https://<subdomain>.jamfcloud.com/api/v1/auth/token

    4. Content type: Form

    5. Method: post

    6. Payload: None

  9. Remove the "Headers" option

  10. Click on "+ Option", select "Basic auth" and add the JAMF username resource and JAMF password credential you created


  11. Click "Run Options" and click the copy button beside token to copy the path.


  12. Next, paste the path to the token into Location of token from response


  13. Optional

    1. Access: What other teams can also use the credential

  14. Click "Save"

For more on creating credentials in Tines, click here.

You can find a selection of JAMF stories in the story library.

Using the resource and the credential in an action

When making requests to JAMF, you will:

  • use the JAMF subdomain resource in the url:

"url":"https://<<RESOURCE.jamf_subdomain>>.jamfcloud.com/JSSResource/computers"
  • use the JAMF token credential in a header:

"Authorization": "Bearer <<CREDENTIAL.jamf_token>>"

Putting it all together, here is an example JAMF action you can copy and paste onto your storyboard in Tines:

{"standardLibVersion":"32","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"Get computers","description":"Created from cURL command","options":"{\"url\":\"https://<<RESOURCE.jamf_subdomain>>.jamfcloud.com/JSSResource/computers\",\"method\":\"get\",\"headers\":{\"Authorization\":\"Bearer <<CREDENTIAL.jamf_token>>\"}}","position":{"x":-720,"y":-1275},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":null,"createdFromTemplateGuid":null,"createdFromTemplateVersion":null,"originStoryIdentifier":"cloud:aa47f8215c6f30a0dcdb2a36a9f4168e:d4c15df0f02ba4789095426607003199"}],"links":[],"diagramNotes":[]}

OAuth authentication

First, create a Jamf API role and client

  1. Login to your Jamf tenant, i.e. https://<tenant>.jamfcloud.com

  2. Click the "Settings" icon


  3. Click "API Roles and Clients"

  4. Click the "API Roles" tab and then "+ New"


  5. Name the role, choose the privileges for the role and click "Save"


  6. Click the "API Clients" tab and then "+ New"


  7. Name the client, choose the API role you created, click "Enable API client" and then "Save"


  8. Click "Generate client secret"


  9. Click "Copy client credentials to clipboard" and paste into a text editor, then click "Close"

Lastly, create a Jamf credential in Tines

You will need to create three credentials:

  • Two Text type: "jamf_client_id" and "jamf_client_secret"

  • One HTTP request type: "Jamf"

Text type

  1. Navigate to the team that will be using the API and click "Credential"

  2. Click "+ New Credential" and select "Text"

  3. Input the values for the Jamf credential

    1. Name: jamf_client_id

    2. Description: Optional

    3. Value: Client ID you copied earlier

  4. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  5. Click "Save"

  6. Click "+ New Credential" and select "Text"

  7. Input the values for the Jamf credential

    1. Name: jamf_client_secret

    2. Description: Optional

    3. Value: Client Secret you copied earlier

  8. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  9. Click "Save"

HTTP request type

  1. Navigate to the team that will be using the API and click "Credentials"

  2. Click "+ New Credential" and select "HTTP Request"

  3. Input the values for the Jamf credential

    1. Name: Jamf

    2. Description: Optional

    3. URL: https://<tenant>.jamfcloud.com/api/oauth/token

    4. Content Type: Form

    5. Method: post

    6. Payload: Copy the below object and paste into the "Plain code" section:

      {
      "client_id":"<<CREDENTIAL.jamf_client_id>>",
      "client_secret":"<<CREDENTIAL.jamf_client_secret>>",
      "grant_type":"client_credentials"
      }

    7. Click "Run options", navigate to the access_token key and double click on the key


    8. Location of token from response: Paste the path to the token in the value pill

  4. Optional

    1. Domains: Ensure this credential can only be used when making HTTP requests to specific domains

    2. Access: What other teams can also use the API

  5. Click "Save"

Your credential should look like the following:

More on creating credentials in Tines here.

You can also find a selection of Jamf stories in the story library.

Did this answer your question?