Jamf Integration (Staff Device Management)

Learn how to integrate Jamf with Sprinto for Staff Device Management to automate device inventory, encryption checks, OS monitoring, and compliance evidence collection.

Jamf integration enables Sprinto to monitor managed Apple devices for compliance and security controls.

By connecting Jamf with Sprinto, you can:

  • Automate staff device inventory collection

  • Monitor encryption status across devices

  • Track operating system version and update status

  • Detect screen lock configurations

  • Verify antivirus installation status

  • Associate devices with staff members for monitoring

  • Reduce manual evidence collection for device-related controls

Sprinto integrates with Jamf using API login credentials.


How Jamf Integration Works

Sprinto connects to Jamf through API authentication.

The integration works by:

  1. Creating a dedicated Jamf API user

  2. Assigning read-only privileges

  3. Providing Jamf credentials to Sprinto

  4. Authenticating with Jamf APIs

  5. Retrieving device inventory and configuration details

  6. Continuously syncing device data for compliance monitoring

Sprinto retrieves inventory and configuration profile data to automate controls.


Sprinto checks for Jamf

Sprinto offers the following checks for the Jamf MDM tool:

| Sprinto check | Required action |
| --- | --- |
| Device OS should be up to date on staff device | The check gets activated against a staff member if their device is running an outdated operating system (OS) version. To fix this check, the staff member needs to update the device to the latest available OS version and report the device status using the Jamf MDM tool. |
| Disk encryption should be enabled on staff device | The check gets activated against a staff member if their device storage is not encrypted. To fix this check, the staff member needs to enable encryption on their device storage and report the device status using the Jamf MDM tool. |
| Antivirus should be running on staff device | The check gets activated against a staff member if the Jamf MDM tool does not find an antivirus installed on the device. To fix this check, the staff member needs to install a valid antivirus on their device and report the device status using the Jamf MDM tool. |


Prerequisites

Before connecting Jamf to Sprinto, ensure that:

  • You are logged in to the Sprinto Admin portal.

  • You have administrator access to Jamf Pro.

  • You have access to create Jamf user accounts.

  • You have permission to configure Jamf Pro system settings.

  • You have a Jamf Pro subscription with API access enabled.


Authentication Method

Jamf integration uses login credentials authentication.

Sprinto authenticates using:

  • Jamf domain URL

  • Username

  • Password

OAuth is not required for this integration.

Sprinto uses a dedicated Jamf API user with read-only access.


Permissions Required

Sprinto requires read-only access to device inventory and security configuration data.

Required Permissions

The Jamf user account should have the following permissions.

| Permission | Purpose |
| --- | --- |
| Read device inventory | Retrieves managed devices and hardware details |
| Read security settings | Retrieves encryption, OS, and lock settings |
| Read configuration profiles | Detects device configuration policies |
| Read user information | Maps devices to users |

Sprinto recommends using the following Jamf privilege level:

  • Auditor

The Auditor role provides read-only access suitable for compliance monitoring.

Data Accessed by Sprinto

Sprinto syncs read-only metadata from Jamf.

Device Inventory Data

Sprinto syncs:

  • Device serial number

  • Device name

  • Device model

  • Device ownership mapping

  • Assigned user email

Security and Compliance Data

Sprinto syncs:

  • FileVault encryption status

  • Screen lock configuration

  • OS version

  • OS update status

  • Antivirus detection

  • Last device check-in timestamp

Supported Encryption States

Sprinto may detect the following encryption states:

  • BOOT_ENCRYPTED

  • ALL_ENCRYPTED

  • Not encrypted
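The following added example (not Sprinto's or Jamf's code) shows how a reviewer might evaluate synced records against the encryption states listed above, treating missing or stale data as unknown rather than as a pass. The record keys, the 14-day staleness window and the `boot_only_ok` policy switch are assumptions made for illustration, and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records; key names are hypothetical, not Jamf's or Sprinto's schema.
SAMPLE_DEVICES = [
    {"serial": "C02EXAMPLE01", "user_email": "ana@example.com",
     "filevault_state": "ALL_ENCRYPTED", "last_check_in": "2024-05-30T08:00:00Z"},
    {"serial": "C02EXAMPLE02", "user_email": "ben@example.com",
     "filevault_state": "BOOT_ENCRYPTED", "last_check_in": "2024-05-29T17:30:00Z"},
    {"serial": "C02EXAMPLE03", "user_email": "cy@example.com",
     "filevault_state": "Not encrypted", "last_check_in": "2024-05-30T09:15:00Z"},
    {"serial": "C02EXAMPLE04", "user_email": "",
     "filevault_state": "ALL_ENCRYPTED", "last_check_in": "2024-03-01T10:00:00Z"},
    {"serial": "C02EXAMPLE05", "user_email": "dee@example.com",
     "filevault_state": None, "last_check_in": "2024-05-30T07:45:00Z"},
]
NOW = datetime(2024, 5, 31, tzinfo=timezone.utc)  # constructed evaluation time

def evaluate(device, now, max_age=timedelta(days=14), boot_only_ok=False):
    """Return (verdict, reason) for the disk-encryption check on one record."""
    seen = device.get("last_check_in")
    if not seen:
        return "unknown", "device has never checked in"
    age = now - datetime.fromisoformat(seen.replace("Z", "+00:00"))
    if age > max_age:
        return "unknown", f"last check-in {age.days} days ago; state may be stale"
    state = device.get("filevault_state")
    if state == "ALL_ENCRYPTED":
        return "pass", "all volumes encrypted"
    if state == "BOOT_ENCRYPTED":
        return ("pass" if boot_only_ok else "fail"), "only the boot volume is encrypted"
    if state == "Not encrypted":
        return "fail", "disk is not encrypted"
    return "unknown", "no encryption state reported"

def report(devices, now, **policy):
    """Group non-passing devices by owner; unmapped devices go under 'UNASSIGNED'."""
    findings = {}
    for dev in devices:
        verdict, reason = evaluate(dev, now, **policy)
        if verdict != "pass":
            owner = dev.get("user_email") or "UNASSIGNED"
            findings.setdefault(owner, []).append((dev["serial"], verdict, reason))
    return findings
```

Devices under `UNASSIGNED` have no owner email, so a finding on them cannot be routed to a staff member until the ownership mapping is fixed in Jamf.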


Connect Jamf in Sprinto

To start the integration:

  1. Log in to Sprinto.

  2. Go to Settings.

  3. Select Integrations.

  4. Under the All tab, search for Jamf.

  5. Click Connect next to Jamf.

A drawer opens displaying available Jamf integrations.

Select Staff Device Management

Jamf provides multiple integration options.

  1. In the connection drawer, locate Staff Device Management.

  2. Click Connect next to Staff Device Management.

Sprinto opens a setup drawer containing integration information.

Review Integration Information

The drawer displays:

Automated Evidences

Sprinto shows:

  • Number of automated controls

  • Number of automated checks

Permission & Data

Sprinto displays required permissions.

Permissions Required

  • User Information (email address): Read-only

  • List Devices: Read-only

Data Used by Sprinto

Sprinto may access:

  • Device details

  • User information

  • Hard disk encryption status

  • Operating system version

Additional Information

Sprinto displays:

  • Required subscription plan

  • Required administrative access

After reviewing the details, click Next.

Create a Jamf API User

Sprinto requires a dedicated Jamf user account with read-only permissions.

To create the Jamf API user:

  1. Log in to your Jamf portal.

  2. Click the Settings icon in the top-right corner.

  3. Select System Settings.

  4. Go to Jamf Pro User Accounts & Groups.

  5. Click New.

  6. Select Create Standard Account.

  7. Click Next.

Configure User Details

Provide the following information:

| Field | Value |
| --- | --- |
| Username | sprinto |
| Full Name | Sprinto Auditor |
| Password | Create a secure password |
| Privilege Set | Auditor |
| Access Status | Enabled |

  1. Click Save.

This creates a read-only Jamf user for Sprinto integration.

Enter Jamf Credentials in Sprinto

After creating the Jamf API user:

  1. Return to Sprinto.

  2. Enter the following information:

    • Jamf Domain URL

    • Username

    • Password

Required Fields

| Field | Description |
| --- | --- |
| Domain | Jamf instance URL |
| Username | Jamf API username |
| Password | Jamf API password |

Example domain:

https://yourcompany.jamfcloud.com

Complete Connection

  1. Verify all entered information.

  2. Click Connect to Jamf.

Sprinto validates the credentials and connects to Jamf.

Once connected, Jamf appears as an active Staff Device Management integration.


APIs Used by Sprinto

Sprinto uses Jamf APIs to retrieve device inventory and configuration details.

Authentication API

| API Endpoint | Purpose |
| --- | --- |
| POST /api/v1/auth/token | Generates API authentication token |

Device Inventory APIs

| API Endpoint | Purpose |
| --- | --- |
| GET /api/v1/computers-inventory?page={page} | Retrieves managed devices |
| GET /api/v1/computers-inventory-detail/{id} | Retrieves detailed device metadata |

Configuration Profile APIs

| API Endpoint | Purpose |
| --- | --- |
| GET /JSSResource/osxconfigurationprofiles | Retrieves configuration profiles |
| GET /JSSResource/osxconfigurationprofiles/id/{profileId} | Retrieves profile details |

User Account API

| API Endpoint | Purpose |
| --- | --- |
| GET /api/v1/accounts | Retrieves Jamf user accounts |
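An administrator can confirm what the dedicated read-only account is able to see before handing its credentials to Sprinto. The sketch below is an added example, not Sprinto's code: it performs the token exchange and paged inventory read using the endpoints listed above. The `page-size` parameter and the `token`, `results` and `totalCount` response fields are assumptions about Jamf Pro's API that this page does not state, and the `send` parameter is a hypothetical hook so the logic can be exercised without a network.

```python
import base64
import json
import urllib.request

def jamf_request(base_url, path, method="GET", headers=None):
    """Send one request to Jamf Pro and return the decoded JSON body."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, method=method,
        headers={"Accept": "application/json", **(headers or {})})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def get_token(base_url, username, password, send=jamf_request):
    """Exchange the API user's credentials for a bearer token (Basic auth, once)."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    body = send(base_url, "/api/v1/auth/token", method="POST",
                headers={"Authorization": "Basic " + basic})
    return body["token"]  # assumed response field

def list_computers(base_url, token, send=jamf_request, page_size=100):
    """Page through the inventory until totalCount records have been read."""
    devices, page = [], 0
    while True:
        body = send(base_url,
                    f"/api/v1/computers-inventory?page={page}&page-size={page_size}",
                    headers={"Authorization": "Bearer " + token})
        devices.extend(body["results"])
        # Stop on an empty page as well, so a wrong totalCount cannot loop forever.
        if not body["results"] or len(devices) >= body["totalCount"]:
            return devices
        page += 1
```

Read the password from a secret store or an interactive prompt rather than placing it in the script or shell history.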

Synced Data

After integration, Sprinto syncs the following information.

| Category | Synced Data |
| --- | --- |
| Device Inventory | Device name, serial number, model, ownership |
| Encryption | FileVault encryption status |
| Device Security | Screen lock and OS status |
| Antivirus | Installed endpoint security applications |
| User Mapping | Assigned user details |
| Device Activity | Last check-in timestamp |


Post Connection Flow

After Jamf is connected:

Device Discovery

Sprinto discovers managed devices from Jamf.

Device Ownership Mapping

Sprinto maps devices to employees using user metadata.

Device Compliance Monitoring

Sprinto continuously checks:

  • Encryption state

  • Device lock configuration

  • Operating system versions

  • Antivirus detection

Evidence Collection

Sprinto automatically updates controls using synced device data.

Periodic Synchronisation

Sprinto periodically syncs data from Jamf to keep monitoring current.

Sync Frequency

Sprinto refreshes Jamf data periodically.

| Data Type | Sync Frequency |
| --- | --- |
| Device Inventory | Every 6–24 hours |
| Security Metadata | Periodic refresh |
| Device Ownership Mapping | Periodic refresh |

Sync frequency may vary depending on system configuration.

Platform Support

Jamf supports Apple device management.

Supported Platforms

  • macOS

  • iOS

  • iPadOS

Unsupported Platforms

  • Windows

  • Android

  • Linux


Limitations and Considerations

Jamf integration has platform-specific limitations.

Known Limitations

  • Jamf supports Apple devices only.

  • No Windows or Android monitoring support.

  • Screen lock detection depends on configuration profile parsing.

  • Antivirus detection relies on installed package discovery.

Important Considerations

  • Ensure Jamf API credentials remain active.

  • Avoid changing privilege levels after setup.

  • Keep Jamf credentials updated if passwords rotate.


Troubleshooting

Unable to Authenticate With Jamf

Ensure:

  • Domain URL is correct.

  • Username and password are valid.

  • The Jamf account is active.

  • API access is enabled.

No Devices Are Synced

Ensure:

  • Devices are enrolled in Jamf.

  • Device inventory is populated.

  • Jamf API permissions allow device listing.

Missing Encryption or Screen Lock Data

Ensure:

  • Devices report configuration profile data.

  • FileVault status is available in Jamf.

  • Configuration profiles are assigned to devices.

Authentication Errors

Ensure:

  • Jamf password has not expired.

  • The API user has Auditor permissions.

  • Jamf tenant URL is correctly entered.


Support

If you encounter any issues or need assistance with your integration, contact the Sprinto support team at [email protected].
