HELP: Script for adding computers to STATIC GROUP

@BlackTiger Running a script on a Mac to add it to a static group via the API is not recommended by Jamf. Here's a post from several years ago on how I used a script/Extension Attribute/Smart Group combo in order to allow users to put a Mac in scope for something via Self Service:

https://community.jamf.com/t5/jamf-pro/self-service-policy-to-display-a-list-of-static-groups-and-prompt/m-p/208009#M196694

I have used this approach a lot and it works really well. I have also used MUT to add a lot of Macs to a static group. It works really well for that. I do that only when I have to add 50+ Macs to a group.

But to use MUT you need the serial numbers of those computers need to be exported first and then you can use them to move them to static groups, right? Thats how I did it once and am not sure there are other easy way to do it. 

Thanks. 

Actually, I looked up into the post shared (thank you) and couldn't get my head around for the script you used. 

Below is the sample script I been working on, created with the use of chatgpt :) 

Appreciate if you can help to simplify it to make it work. 

#!/bin/bash

# Jamf Pro Server details
JAMF_URL="https://your-on-prem-jamf-server:8443"
API_USER="your-api-username"
API_PASS="your-api-password"

# Function to get an API token
get_api_token() {
echo "Retrieving API token..."
RESPONSE=$(curl -su "$API_USER:$API_PASS" -H "Accept: application/json" -X POST "$JAMF_URL/api/v1/auth/token")
API_TOKEN=$(echo "$RESPONSE" | sed -n 's/.*"token":"\\([^"]*\\)".*/\\1/p')

if [[ -z "$API_TOKEN" ]]; then
echo "Error: Failed to retrieve API token."
exit 1
fi
}

# Get an API token
get_api_token

# Define Static Groups and their IDs
echo "Select a Static Group to add the computer:"
echo "1) macOS Update test group 1 (ID: 233)"
echo "2) macOS Update test group 2 (ID: 239)"
echo "3) Test (ID: 228)"
read -p "Enter your choice (1-3): " GROUP_CHOICE

case $GROUP_CHOICE in
1) STATIC_GROUP_ID="233"; GROUP_NAME="macOS Update test group 1" ;;
2) STATIC_GROUP_ID="239"; GROUP_NAME="macOS Update test group 2" ;;
3) STATIC_GROUP_ID="228"; GROUP_NAME="Test" ;;
*) echo "Invalid selection. Exiting."; exit 1 ;;
esac

# Get the MacBook's Computer Name
COMPUTER_NAME=$(scutil --get ComputerName)

if [[ -z "$COMPUTER_NAME" ]]; then
echo "Error: Unable to retrieve the computer name."
exit 1
fi

echo "Computer Name: $COMPUTER_NAME"

# Get Computer ID from Jamf Pro
RESPONSE=$(curl -s -H "Authorization: Bearer $API_TOKEN" -H "Accept: application/json" "$JAMF_URL/JSSResource/computers/match/$COMPUTER_NAME")

COMPUTER_ID=$(echo "$RESPONSE" | sed -n 's/.*"id":[ ]*\\([0-9]*\\).*/\\1/p')

if [[ -z "$COMPUTER_ID" ]]; then
echo "Error: Computer not found in Jamf Pro. Ensure it is enrolled."
exit 1
fi

echo "Computer ID: $COMPUTER_ID"

# Add Computer to Static Group
echo "Assigning $COMPUTER_NAME (ID: $COMPUTER_ID) to Static Group: $GROUP_NAME (ID: $STATIC_GROUP_ID)"

curl -s -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/xml" -X PUT \\
-d "<computer_group><computer_additions><computer><id>$COMPUTER_ID</id></computer></computer_additions></computer_group>" \\
"$JAMF_URL/JSSResource/computergroups/id/$STATIC_GROUP_ID"

if [[ $? -eq 0 ]]; then
echo "Successfully added $COMPUTER_NAME to Static Group: $GROUP_NAME (ID: $STATIC_GROUP_ID)"
else
echo "Failed to add the computer to the group."
fi

# Invalidate the API token after use
echo "Invalidating API token..."
curl -s -H "Authorization: Bearer $API_TOKEN" -X POST "$JAMF_URL/api/v1/auth/invalidate-token"

echo "Script completed."

Hello @BlackTiger 

Your question

1. If I run a script with API credentials on students' machines, is there a way students can find or check the credentials? 

Simple answer - Yes, if this is a concern there are other ways to accomplish that.

Now, if I understood the ask, you would like a self-service policy to offer the students to participate in the 'macOS Update test group' of their choice. 

Once that is done (run once policy) the Mac will be "locked" in that static group and then you can run other processes from those static groups.

Option 1.

One self-service policy with an osascript/jamfhelper script to display the dropdown menu with the 3 choices.

PPPC configuration profile may be required to allow for osascript/bash script as you will need to run this in the user context.

The policy will contain the API creds to write into the static group of choice.

OR

If the potential exposure of the API creds is a concern, write a local file to populate an EA so that can be used in Jamf Pro, if this the best option there is not need to create and populate static groups as the EA itself can be used for that.

Option 2. 

More policies but no osascript/jamfhelper to display the dropdown menu, no script and no PPPC.

If you have 3 test groups, you can have 3 self-service policies to write the local file and populate the EA with the respective value.

Once one policy is run (the EA gets populated) you can then exclude the Mac from the policies (hide them), Mac gets locked into that test group.

The possible UI/UX benefit here is that you can have logos, good descriptions, links to documents explaining what each group will do, reinforcing any previous communication.

To write a local file for the EA all you will need is:

1. Create an EA to read local file 

2. In the policy(or policies), create all the self-service bits.

click:

Configure 'Files and Processes' and add in 'Execute Command' something like:

click Configure Maintenance tick Update Inventory.

I hope this helps.

Let me know which approach you would like to take and we can discuss it further.

Regards

Mauricio