Required Jamf Pro Account Permissions
Important:The Jamf Pro account requires full admin access and Administrator privileges in Jamf Pro Account settings. If not provided, then the Jamf Pro integration with App Portal results in a 401 unauthorized error.
In order for App Portal to be successfully integrated with Jamf Pro, your Jamf Pro account needs to have a specific set of minimum permissions. To define permissions on your Jamf Pro account, perform the following steps:
To set required permissions on your Jamf Pro account:
| 1. | Launch Jamf Pro and login using your Jamf Pro account. |
| 2. | On the Jamf Pro home page, click the Settings “gear” icon at the top right: |
The System Settings tab opens.
| 3. | Click Jamf Pro User Accounts & Groups. The Jamf Pro User Accounts & Groups page opens. |
| 4. | Click on the name of your Jamf Pro account. The Account tab of the account settings page opens. |
| 5. | Make sure that Privilege Set is set to Administrator and that Access Status is set to Enabled. |
Note:In some versions of Jamf Pro, the Access Status field may be named Access Level. If so, set Access Level to Full Access.
Important:If your Jamf Pro system account does not have Administrator privileges, then App Portal will be unable to integrate with Jamf Pro.
| 6. | Open the Privileges tab. The Jamf Pro Server Objects subtab of the Privileges tab opens. |
| 7. | On the Jamf Pro Server Objects subtab, click Edit and make sure that the following permissions are selected: |
|
Object |
Permission |
|
Categories |
Create (optional) Read Update (optional) |
|
Computers |
Read |
|
File Share Distribution Points |
Read |
|
Packages |
Read |
|
Policies |
Create Read Update |
|
Static Computer Group |
Create Read Update |
The table below lists the minimum permissions required for the user account in Jamf Pro to integrate with or execute different functionalities within App Portal / App Broker.
|
Action |
Purpose |
Permission |
|
Test Button |
Check existence of category, policy template, and computer group template |
READ Categories, READ Policies, READ Static Computer Groups (OPTIONAL: CREATE Categories to create category if category does not already exist) |
|
Data Sync |
Retrieve device information and user associations |
READ Computers |
|
Software Deployment |
Allow creation of software catalog items for Mac devices and automatic delivery of that software upon request |
READ Categories, READ Computers, READ File Share Distribution Points, READ Packages, CREATE/READ/UPDATE Policies, CREATE/READ/UPDATE Static Computer Groups |
| 8. | When you are finished selecting permissions, click Save. |
| 9. | Open the Jamf Pro Server Settings subtab. |
| 10. | Click Edit and make sure that Read is selected for Activation Code. |
| 11. | When you are finished selecting permissions, click Save. |
See Also
Entering Jamf Pro Settings at Initial Start Up
API Calls Used by App Portal to Integrate with Jamf Pro
Enabling the “Create Uninstall Policy” Option for a Jamf Pro Package