> For the complete documentation index, see [llms.txt](https://docs.sprinto.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.sprinto.com/integrations/overview/jamf-integration.md). # Jamf Integration (Staff Device Management) Jamf integration enables Sprinto to monitor managed Apple devices for compliance and security controls. By connecting Jamf with Sprinto, you can: * Automate staff device inventory collection * Monitor encryption status across devices * Track operating system version and update status * Detect screen lock configurations * Verify antivirus installation status * Associate devices with staff members for monitoring * Reduce manual evidence collection for device-related controls Sprinto integrates with Jamf using API login credentials. *** ### How Jamf Integration Works Sprinto connects to Jamf through API authentication. The integration works by: 1. Creating a dedicated Jamf API user 2. Assigning read-only privileges 3. Providing Jamf credentials to Sprinto 4. Authenticating with Jamf APIs 5. Retrieving device inventory and configuration details 6. Continuously syncing device data for compliance monitoring Sprinto retrieves inventory and configuration profile data to automate controls. *** #### Sprinto checks for Jamf Following are the checks offered by Sprinto for the Jamf MDM tool:

Sprinto check	Required action
Device OS should be upto date on staff device	The check gets activated against a staff member if their device is running on an outdated operating system (OS) version. To fix this check, a staff member needs to update the device operating system with the latest available OS version and report the device status using the Jamf MDM tool.
Disk encryption should be enabled on staff device	The check gets activated against a staff member if their device storage is not encrypted. To fix this check, a staff member needs to enable encryption on their device storage and report the device status using the Jamf MDM tool.
Antivirus should be running on staff device	The check gets activated against a staff member if the Jamf MDM tool does not find an antivirus installed on the device. To fix this check, a staff member needs to install a valid antivirus on their device and report the device status using the Jamf MDM tool.

Sprinto check

Required action

Device OS should be upto date on staff device

The check gets activated against a staff member if their device is running on an outdated operating system (OS) version.

To fix this check, a staff member needs to update the device operating system with the latest available OS version and report the device status using the Jamf MDM tool.

Disk encryption should be enabled on staff device

The check gets activated against a staff member if their device storage is not encrypted.

To fix this check, a staff member needs to enable encryption on their device storage and report the device status using the Jamf MDM tool.

Antivirus should be running on staff device

The check gets activated against a staff member if the Jamf MDM tool does not find an antivirus installed on the device.

To fix this check, a staff member needs to install a valid antivirus on their device and report the device status using the Jamf MDM tool.

*** ### Prerequisites Before connecting Jamf to Sprinto, ensure that: * You are logged in to the Sprinto Admin portal. * You have administrator access to Jamf Pro. * You have access to create Jamf user accounts. * You have permission to configure Jamf Pro system settings. * You have a Jamf Pro subscription with API access enabled. *** ### Authentication Method Jamf integration uses login credentials authentication. Sprinto authenticates using: * Jamf domain URL * Username * Password OAuth is not required for this integration. Sprinto uses a dedicated Jamf API user with read-only access. *** ### Permissions Required Sprinto requires read-only access to device inventory and security configuration data. #### Required Permissions The Jamf user account should have the following permissions.

Permission	Purpose
Read device inventory	Retrieves managed devices and hardware details
Read security settings	Retrieves encryption, OS, and lock settings
Read configuration profiles	Detects device configuration policies
Read user information	Maps devices to users

#### Recommended Privilege Set Sprinto recommends using the following Jamf privilege level: * **Auditor** The Auditor role provides read-only access suitable for compliance monitoring. ### Data Accessed by Sprinto Sprinto syncs read-only metadata from Jamf. #### Device Inventory Data Sprinto syncs: * Device serial number * Device name * Device model * Device ownership mapping * Assigned user email #### Security and Compliance Data Sprinto syncs: * FileVault encryption status * Screen lock configuration * OS version * OS update status * Antivirus detection * Last device check-in timestamp #### Supported Encryption States Sprinto may detect the following encryption states: * `BOOT_ENCRYPTED` * `ALL_ENCRYPTED` * Not encrypted *** ### Connect Jamf in Sprinto To start the integration: 1. Log in to Sprinto. 2. Go to **Settings**. 3. Select **Integrations**. 4. Under the **All** tab, search for **Jamf**. 5. Click **Connect** next to Jamf.

A drawer opens displaying available Jamf integrations. ### Select Staff Device Management Jamf provides multiple integration options. 1. In the connection drawer, locate **Staff Device Management**. 2. Click **Connect** next to Staff Device Management.

Sprinto opens a setup drawer containing integration information. #### Review Integration Information The drawer displays: **Automated Evidences** Sprinto shows: * Number of automated controls * Number of automated checks **Permission & Data** Sprinto displays required permissions. **Permissions Required** * User Information (email address): Read-only * List Devices: Read-only **Data Used by Sprinto** Sprinto may access: * Device details * User information * Hard disk encryption status * Operating system version **Additional Information** Sprinto displays: * Required subscription plan * Required administrative access After reviewing the details, click **Next**.

### Create a Jamf API User Sprinto requires a dedicated Jamf user account with read-only permissions. To create the Jamf API user: 1. Log in to your Jamf portal. 2. Click the **Settings** icon in the top-right corner. 3. Select **System Settings**. 4. Go to **Jamf Pro User Accounts & Groups**. 5. Click **New**. 6. Select **Create Standard Account**. 7. Click **Next**. #### Configure User Details Provide the following information:

Field	Value
Username	`sprinto`
Full Name	`Sprinto Auditor`
Password	Create a secure password
Privilege Set	Auditor
Access Status	Enabled

8. Click **Save**. This creates a read-only Jamf user for Sprinto integration. ### Enter Jamf Credentials in Sprinto After creating the Jamf API user: 1. Return to Sprinto. 2. Enter the following information: * Jamf Domain URL * Username * Password #### Required Fields

Field	Description
Domain	Jamf instance URL
Username	Jamf API username
Password	Jamf API password

Example domain: ### Complete Connection 1. Verify all entered information. 2. Click **Connect to Jamf**.

Sprinto validates the credentials and connects to Jamf. Once connected, Jamf appears as an active Staff Device Management integration. *** ### APIs Used by Sprinto Sprinto uses Jamf APIs to retrieve device inventory and configuration details. #### Authentication API

API Endpoint	Purpose
`POST /api/v1/auth/token`	Generates API authentication token

#### Device Inventory APIs

API Endpoint	Purpose
`GET /api/v1/computers-inventory?page={page}`	Retrieves managed devices
`GET /api/v1/computers-inventory-detail/{id}`	Retrieves detailed device metadata

#### Configuration Profile APIs

API Endpoint	Purpose
`GET /JSSResource/osxconfigurationprofiles`	Retrieves configuration profiles
`GET /JSSResource/osxconfigurationprofiles/id/{profileId}`	Retrieves profile details

#### User Account API

API Endpoint	Purpose
`GET /api/v1/accounts`	Retrieves Jamf user accounts

### Synced Data After integration, Sprinto syncs the following information.

Category	Synced Data
Device Inventory	Device name, serial number, model, ownership
Encryption	FileVault encryption status
Device Security	Screen lock and OS status
Antivirus	Installed endpoint security applications
User Mapping	Assigned user details
Device Activity	Last check-in timestamp

*** ### Post Connection Flow After Jamf is connected: #### Device Discovery Sprinto discovers managed devices from Jamf. #### Device Ownership Mapping Sprinto maps devices to employees using user metadata. #### Device Compliance Monitoring Sprinto continuously checks: * Encryption state * Device lock configuration * Operating system versions * Antivirus detection #### Evidence Collection Sprinto automatically updates controls using synced device data. #### Periodic Synchronisation Sprinto periodically syncs data from Jamf to keep monitoring current. ### Sync Frequency Sprinto refreshes Jamf data periodically.

Data Type	Sync Frequency
Device Inventory	Every 6–24 hours
Security Metadata	Periodic refresh
Device Ownership Mapping	Periodic refresh

Sync frequency may vary depending on system configuration. ### Platform Support Jamf supports Apple device management. #### Supported Platforms * macOS * iOS * iPadOS #### Unsupported Platforms * Windows * Android * Linux *** ### Limitations and Considerations Jamf integration has platform-specific limitations. #### Known Limitations * Jamf supports Apple devices only. * No Windows or Android monitoring support. * Screen lock detection depends on configuration profile parsing. * Antivirus detection relies on installed package discovery. #### Important Considerations. * Ensure Jamf API credentials remain active. * Avoid changing privilege levels after setup. * Keep Jamf credentials updated if passwords rotate. *** ### Troubleshooting #### Unable to Authenticate With Jamf Ensure: * Domain URL is correct. * Username and password are valid. * The Jamf account is active. * API access is enabled. #### No Devices Are Synced Ensure: * Devices are enrolled in Jamf. * Device inventory is populated. * Jamf API permissions allow device listing. #### Missing Encryption or Screen Lock Data Ensure: * Devices report configuration profile data. * FileVault status is available in Jamf. * Configuration profiles are assigned to devices. #### Authentication Errors Ensure: * Jamf password has not expired. * The API user has Auditor permissions. * Jamf tenant URL is correctly entered. *** ### **Support** If you encounter any issues or need assistance with your integration, contact the Sprinto support team at . --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.sprinto.com/integrations/overview/jamf-integration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.