Jamf Nation Community

DanVT · ‎07-27-2023

Hi All,

We are setting up the JAMF Pro - ServiceNow integration and it seems that on the Jamf side I only needed to provide an API account that has Read access to Computers and Mobile Devices. I set this up and I get the below error on the SNOW side of things. I am not finding any details on the error. What am I missing here? I do use SSO in Jamf, but in this case I am using a non-sso local account created in Jamf. I have confirmed we are adding our JAMF URL to the SNOW connection config. I should just be providing the https:/orghere.jamfcloud.com URL without any extras I assume?

This is the error we see in SNOW when trying to test the connection we setup.

Error: Unable to make a connection to JAMF API call. Please check your credential configuration. Check system log for more details. HTTP return status code was -1 (sys_script_include.3fa7da3673b210104ae4b41afaf6a727.script; line 57)

I appreciate any help you may have!

-Dan

sdagley · ‎07-27-2023

@DanVT Is the API call using Basic Auth or Bearer Token auth? If the former you need to change it to the latter (or enable API access via Basic Auth but that's probably going away soon): https://community.jamf.com/t5/tech-thoughts/how-to-convert-classic-api-scripts-to-use-bearer-token/b...

DanVT · ‎07-27-2023

So I am new to Jamf and API's. I started by creating a new local user called 'JamfServiceNowAPI' with a password, and gave it read access to Mobile and Computers. I assumed this was the 'API Account' I needed to create. From the URL you linked, it seems I have to build out a script and get that uploaded to Jamf. How does SNOW then 'call' that script and pass the token?

sdagley · ‎07-27-2023

@DanVT You wouldn't upload a script to Jamf Pro to be called by SNOW. I can't speak for how to write a SNOW script, but the article I linked to shows the changes needed to change from the older Basic Auth mechanism to Bearer Token Auth in general for a standalone script, not necessarily one that would be uploaded to Jamf Pro. If you don't see something similar to:

--user "$username:$password"

In your SNOW script you might want to consult with someone who is familiar with SNOW scripting to ask how the authentication system for calling into the Jamf Pro API can be changed.

DanVT · ‎07-27-2023

thanks for that info! Our SNOW admin just asked for a username\password as they have to fill out a field in SNOW with the JAMF API account that has the selected read permissions I created. I will see if he can shed light on the SNOW side of things. The instructions state we need a username and password with the correct permissions, but I guess I am confused as to where this script comes into play. I thought I just had to create the specified account with correct permissions and hand that off to the SNOW admin.

sdagley · ‎07-27-2023

I should have elaborated that you'll still need the username and password for access tot he API, but the way the API will be called is that the username and password credentials will only be used to request a token, and then the API calls to extract the data for SNOW will use the token for authorization to access the API.

DanVT · ‎07-27-2023

thanks for the explanations!

DanVT · ‎08-03-2023

Quick update. This was an error on the SNOW side. There was a typo!

ksowa_wes · ‎08-31-2023

What was the typo? We are currently struggling with integrating ServiceNow and Jamf as well.

DanVT · ‎08-31-2023

The issue was on the SNOW side. It turns out SNOW added an extra // to the http line when configuring within SNOW.

ksowa_wes · ‎08-31-2023

Thanks for the quick reply! Do you recall where? I am guessing where you specify the url in ServiceNow, for example https://myjamfinstance.com ?

DanVT · ‎08-31-2023

I am not a SNOW admin, but from what they told me, that's it exactly, where you add the JAMF instance URL.

Jamf Nation Community

JAMF Pro API and ServiceNow