Hey guys. New to JamfPro line-up but I've gotten the hang of it pretty well.
During the integration between Jamf Trust (Security Cloud / Wandera / RADAR / Please setup a naming convention), and Jamf Pro as the UEM, you have the option to either authenticate with Basic Authentication (Username, Password), or with OAuth, utilizing an API client in Jamf Pro with the appropriate permissions.
The permissions are listed here, under the Requirements section. This Requirements section is the same for all versions of the Jamf Trust (Security Cloud, Security, Safe Internet, Wandera, RADAR, Please setup a naming convention) documentation, even the deprecated ones.
Expand
- A Jamf Pro API Role and Client with the required permissions. For more information about API Roles and Clients with Jamf Pro, see API Roles and Clients in the Jamf Pro Documentation.
- For device sync (mandatory), the following permissions are required:
Read Mobile Devices
Read Smart Mobile Device Groups
Read Static Mobile Device Groups
Read Computers
Read Smart Computer Groups
Read Static Computer Groups
Create Static Computer Groups
- To use risk level signaling, data policy signaling, or device threat signaling, the following permissions are also required:
Create Computer Extension Attributes
Delete Computer Extension Attributes
Read Mobile Device Extension Attributes
Delete Mobile Device Extension Attributes
Create Mobile Device Extension Attributes
Update Mobile Devices
Update Computers
Update Users
I have setup an API client in Jamf Pro with these exact permissions, however the UEM integration sync fails with the following error each time:
I've then tried to replace the OAuth credentials with Basic Authentication, using my Jamf Pro superadmin username and password, and the synchronisation works. This points to the documentation having less than the required amount of permissions for UEM to actually work with the API client.
Has anyone figured out what other permissions are required for the API client? I don't want to use my superadmin Basic Authentication credentials.
1 ACCEPTED SOLUTION
