The Jamf integration allows IT teams to view all devices and users within their organization. By having this data within FMX, these IT teams can create tickets on their behalf, and audit what they have available.
This article will explain how to set up your Jamf integration with FMX for your mobile devices and computers. These instructions are for users who have purchased the Jamf integration and have already been added to prismatic. If you are interested in adding this integration please reach out to your account manager at FMX. Once an FMX team member reaches out you can begin the process with the below steps.
**The Jamf mobile devices integration and Jamf computer integration are set up separately. The steps are the same for both. The optional fields you can map will differ between the two. If you are adding both just repeat the steps in this guide for the one you have not set up yet.**
Add Equipment Types
Please make sure that you have the equipment types in FMX updated for which Jamf computer smart groups and mobile device smart groups you would like them to map too. If they are not then you will have to go back in to reconfigure the integration for those types to be an option in prismatic. See this support center article on how to add equipment types.
Add Custom Fields
Add the customs required custom fields in your FMX site before starting the integration steps. The custom fields need to be in FMX prior to the steps being completed so that you will be able to map the correct Jamf field to correct FMX field.
Add the following field:
- Link to Jamf URL - add this custom field for Equipment, that is a text field. Make sure that you do not limit the permitted user types or exclude any of the equipment types you want map over for this field so that the integration can work properly.
Additionally, below there are optional custom fields you can map over from Jamf to FMX. Add any fields you would like prior to setting up the integration. These need to be text fields that are not required for equipment. These fields can be added later and the integration can be updated.
Mobile Device | Computer |
|
|
**See this support center article for how to add custom fields in FMX**
Jamf API Role, Client, and Client Secret
Before going into the integration you will need to create the API role, create the api client and get the client secret from Jamf. This will be used to connect the integration between Jamf and FMX.
**This information is the same for the Jamf Mobile Device, Jamf Computer and Jamf User Integration. If you have already set one of these up you do not need to do this again. The API client and client secret will be the same.**
API Role
Follow these steps to create the API role:
- In your Jamf account, navigate to Settings in the left panel
- In the System tab, find/search for API roles and clients
- In the API Roles tab, click + New to add a new role
- Display Name: <Create a name to identify the FMX role>
- Privileges: Add the following privileges:
- Read Computers
- Read Mobile Devices
- Read Users
- Read Smart Computer Groups
- Read Smart Mobile Device Groups
- Read Smart User Groups
- Read User Extension Attributes
- Read Mobile Device Extension Attributes
- Read Computer Extension Attributes
- Read Buildings
- Click Save
API Client & Client Secret
- In the API Clients tab, click + New
- Display Name: <create a name to identify the client for FMX>
- API roles <choose the API role you created for this integration>
- Access Token Lifetime: 3600
- Click Enable API Client and Save
- Click the Generate a client secret button to get the client secret.
- Copy and save the client secret as it will only be provided once in the pop-up window. The client id and client secret will be used to authenticate Jamf in the integration
See this Jamf article for more details
Go to the Integrations Settings
A member of the FMX team will reach out to you when your integration has been added to your FMX site.
In your FMX site go to your admin settings. Then go to the tab that says “Integrations”. In this section you will see all of the integrations you have on your FMX site through Prismatic. Prismatic is a platform that you will use to set up the integration between Jamf and FMX. The platform is embedded into FMX and you will use it via the integrations tab. To access your integration to begin the setup process select the integration you would like to work on. If you do not see the Jamf integrations reach out to your primary contact at FMX.
Jamf Mobile Devices or Computer
Go to the integrations settings tab in your admin settings. To set up the Jamf mobile device or computer integration and select either in this tab. In order to start this process click the “Reconfigure” button. The process will have the same steps for both.
1. Initial Configuration
For this step there is nothing that you need to do to complete this. Select "Next" to move on to the configuration section.
2. Configuration
Next fill out the "Jamf Connection" fields. Steps on how to do this can be found in the above section "Jamf API Role, Client, and Client Secret".
**The information in this section will be the same for Jamf Computer, Jamf Mobile Device and Jamf User integrations.**
Next fill out the "FMX Connection" fields.
- Hostname - this is your FMX hostname. This can be found in the URL of your site and it is the text before “.gofmx.com”. For example: https://fmxschool.gofmx.com/. The bolded text is your hostname.
- Password - this is the password of the FMX integration user you add(see details on this below)
- API User Email - this is email address of the integration user you add. You can make this an email with @gofmx.com as the domain name(see details on this below)
You will need to create an account in your FMX site for the integration to sync with. Name the user "Jamf Syncer" to be able to track what information is synced. Put the log in information in the password and user field. In order to do this you will need to create a new user type that will not be updated. If the integration’s user type is updated this can cause the integration to not work.
To create a new user type click the “Admin Settings" in the left sidebar then select the” User Types" tab at the top of the page. You can either select add “User Type” at the top of the page or click the vertical 3 dots next to a user type that may have full access like “FMX Administrator” and click “copy”. Name the user type “FMX Integration”. For more information on user types go to this support center article.
Next go to the following setting and make sure the user type has the following permissions:
-
Building & Resource Access
- Read - Any
-
Equipment Access
- Create
- Read - Any
- Update- Any
- Retire - Any
-
Permitted Equipment Types Includes All Desired
- If the user type does not have access to an equipment type you would want to sync with Jamf then those devices/computers would not sync.
-
User & Contact Access
- Administer
- Read Users
- Read Contacts
- Delete
- Permitted Access to All Desired Custom Fields
After you have entered in all the information in the configuration fields click the next button.
3. Smart Computer Group Mapping or Smart Mobile Device Mapping
In the section you will choose which smart computer group or smart mobile device you want to include in the integration, as well as their respective FMX equipment type. Only smart groups selected below will be synced with FMX. Click the "+ Add to Smart Computer Group Mapping" or "+ Add to Smart Mobile Device Group Mapping" button to start mapping. Then in the "Jamf Smart Group" field select the smart group you would like to map. Then in the "FMX Equipment Type" field choose the corresponding equipment type. Lastly, choose the FMX building in the "Default FMX Building" field. Then repeat this process for all the computers/devices you want to update. This can be added to later by reconfiguring the integration.
Next choose whether to keep the equipment type in sync on or not. When this is toggled on, changes made to smart computer groups in Jamf will be automatically reflected in the mapped equipment type in FMX. Any changes made to mapped equipment type in FMX while this is toggled on will be overridden by what is in Jamf.
Lastly, choose whether to keep buildings in sync on or not. When this is toggled on, changes made to smart computer groups in Jamf will be automatically reflected in the mapped buildings in FMX. Any changes made to mapped buildings in FMX while this is toggled on will be overridden by what is in Jamf.
Select the "Next" button when finished.
4. Building Mapping
In this section you will choose which building in Jamf will map to the FMX building. To do this select the "+ Add to Jamf Building to FMX Building Mapping" button. Then choose a building from the "Jamf Building" field to map to it corresponding building in the "FMX Building" field. Continue this process until all of the buildings are mapped. Select the next button when you are finished. If a Jamf building in this list is not found, the Default FMX Building from the Smart Group Mapping
4. Field Mapping
In the equipment tag field you will choose which Jamf field you want to be the Equipment tag in FMX. This should be a unique identifier that will be used as the equipment tag in FMX. Then choose the field you want the direct link to the Jamf Mobile device or computer to be.
"***When first setting up the integration If you already have computers/devices in FMX that you would like to have sync with what is coming from Jamf. Then their FMX equipment tag needs to match. If these computers/devices are named the exact same as the field you are choosing for the unique identifier field from Jamf then they will sync.
If they do not then those equipment items in FMX need to have the equipment tag in FMX updated to the Jamf field you will be using for the equipment tag. For example if you are choosing the serial number field (from Jamf) for the FMX equipment tag field then you will need to bulk update your FMX equipment items to have that as the tag in FMX. For steps on how to bulk update equipment in FMX see this support center article.****"
Next choose which Jamf fields you want bring over to FMX. To do this select the "+ Add to Optional Custom Fields" button. Then choose the field you would like in the "Jamf Field" dropdown and then choose the corresponding field in the "FMX Custom fIeld" dropdown. Do not use a Jamf field or an FMX custom field more than once. These fields can updated and added too at any point by reconfiguring the integration. Select finish when you are done.
Once you have completed the setup you can repeat these steps for either mobile devices or computers.
Updating the Integration
If changes need to be made to your integration you can update it at any time. To do this go back to the Integration Settings tab in FMX. Then find the integration and select "reconfigure". When you are done make sure select "Next" to get to the last screen and select "Finish".
To set up the Jamf user integration see this article.