The Jamf integration allows IT teams to view all devices and users within their organization. By having this data within FMX, these IT teams can create tickets on their behalf, and audit what they have available.

This article will explain how to set up your Jamf integration with FMX for users. These instructions are for users who have purchased the Jamf integration and have already been added to prismatic. If you are interested in adding this integration please reach out to your account manager at FMX. Once an FMX team member reaches out you can begin the process with the below steps. 

Create Custom Fields

Add the required custom fields in your FMX site before starting the integration steps. The custom fields need to be in FMX prior to the steps being completed so that you will be able to map the correct Jamf field to correct FMX field. 

Add the following field:

  • Link to Jamf URL - add this custom field for Users & Contacts, that is a text field. Make sure that you do not limit the permit user types for this field so that the integration can work properly. 

Additionally, there are optional custom fields you can map over from Jamf to FMX. These fields can be added later and the integration can be updated. The field mapping section of the article will explain more. The required field above is needed for the integration to work properly. 

**See this support center article for how to add custom fields in FMX**

Jamf API Role, Client, and Client Secret

**If you have already setup the Jamf Mobile Device or Jamf Computer integration use the same information and skip this step**

Before going into the integration you will need to create the API role, create the API client and get the client secret from Jamf. This will be used to connect the integration between Jamf and FMX.

API Role

Follow these steps to create the API role:

  1. In your Jamf account, navigate to Settings in the left panel
  2. In the System tab, find/search for API roles and clients
  3. In the API Roles tab, click + New to add a new role
    1. Display Name: <Create a name to identify the FMX role>
    2. Privileges: Add the following privileges:
      • Read Computers
      • Read Mobile Devices
      • Read Users
      • Read Smart Computer Groups
      • Read Smart Mobile Device Groups
      • Read Smart User Groups
      • Read User Extension Attributes
      • Read Mobile Device Extension Attributes
      • Read Computer Extension Attributes
      • Read Buildings
  4. Click Save 

API Client & Client Secret

  1. In the API Clients tab, click + New
  2. Display Name: <create a name to identify the client for FMX>
  3. API roles <choose the API role you created for this integration>
  4. Access Token Lifetime: 3600
  5. Click Enable API Client and Save
  6. Click the Generate a client secret button to get the client secret.
    1. Copy and save the client secret as it will only be provided once in the pop-up window. The client id and client secret will be used to authenticate Jamf in the integration

See this Jamf article for more details

Go to the Integrations Settings

In your FMX site go to your admin settings. Then go to the tab that says “Integrations”. In this section you will see all of the integrations you have on your FMX site through Prismatic. Prismatic is a platform that you will use to set up the integration between Jamf and FMX. The platform is embedded into FMX and you will use it via the integrations tab. To access your integration to begin the setup process select the integration you would like to work on. If you do not see the Jamf integrations reach out to your primary contact at FMX.

Jamf Users

Go to the integrations settings tab in your admin settings. To set up the Jamf integration for your Users select the “Jamf Users’ in this tab. In order to start this process click the “Reconfigure” button.

1. Initial Configuration

For this step there is nothing that you need to do to complete this. Select "Next" to move on to the configuration section.

2. Configuration

Next fill out the "Jamf Connection" fields. Steps on how to get this information can be found in the above section "Jamf API Role, Client, and Client Secret". 

**The information in this section will be the same for Jamf Computer, Jamf Mobile Device and Jamf User integrations.**

Next fill out the "FMX Connection" fields. 

  • Hostname - this is your FMX hostname. This can be found in the URL of your site and it is the text before “.gofmx.com”. For example: https://fmxschool.gofmx.com/. The bolded text is your hostname.
  • Password - this is the password of the FMX integration user you add(see details on this below)
  • API User Email - this is email address of the integration users you add(see details on this below)

You will need to create an account in your FMX site for the integration to sync with. Name the user "Jamf Syncer" to be able to track what information is synced. Put the log in information in the password and user field. In order to do this you will need to create a new user type that will not be updated. If the integration’s user type is updated this can cause the integration to not work.

To create a new user type click the “Admin Settings" in the left sidebar then select the” User Types" tab at the top of the page. You can either select add “User Type” at the top of the page or click the vertical 3 dots next to a user type that may have full access like “FMX Administrator” and click “copy”. Name the user type “FMX Integration”. For more information on user types go to this support center article.

Next go to the following setting and make sure the user type has the following permissions:

  • Building & Resource Access
    • Read - Any
  • Equipment Access
    • Create
    • Read - Any
    • Update- Any
    • Retire - Any
    • Permitted Equipment Types Includes All Desired
      • If the user type does not have access to an equipment type you would want to sync with Jamf then those devices/computers would not sync.
  • User & Contact Access
    • Administer
    • Read Users
    • Read Contacts
    • Delete
  • Permitted Access to All Desired Custom Fields

After you have entered in all the information in the configuration fields click the next button. 

3. Smart User Group Mapping

In this section you will select which smart user groups from Jamf you want to include in the integration, as well as their respective user type in FMX, and whether they should be added as a User or Contact. Only smart user groups selected below will be synced with FMX.

In the type mapping section choose a Jamf Smart User Group from the first drop down, then select the corresponding FMX user type from the "FMX User Type" dropdown. Lastly choose whether you want them to be a user or contact in FMX.  Continue this process for all the Jamf users you would like to sync to FMX.

 

Next choose the keep in sync options you would like on:

Keep User Type in Sync: when this is toggled on, changes made to type in Jamf will be automatically reflected in the mapped user types in FMX. Any changes made to mapped user types in FMX while this is toggled on will be overridden by what is in Jamf.

 

Keep Accessible Buildings in Sync: when this is toggled on, changes made to a building in Jamf will be automatically reflected in the mapped accessible buildings in FMX. Any changes made to mapped accessible buildings in FMX while this is toggled on will be overridden by what is in Jamf.

4. Accessible Buildings Mapping

In the section you map Smart User Groups to their Accessible building in FMX. To do this select the "+ Add to Accessible Building Mapping." 

Each Jamf Smart User Group can be mapped to multiple accessible buildings in FMX. This mapping is ONLY for users with at least one permission set to "accessible buildings" in FMX. Users who only have permissions set to "any building" will be mapped automatically and do not need to be mapped on this page. If an org unit has multiple accessible buildings, please add each additional building as a new line.

 

4. Field Mapping

In the first field choose the "Link to Jamf Url Custom Field" you created inf FMX earlier. This is the only field you are required to map. 

Lastly choose from the optional Jamf fields listed in the drop down to map to an FMX custom field by matching the fields in each drop down menu. If you did not create custom fields for these prior to configuration in FMX you can reconfigure the integration to map these later.  Select finish when you are done. 

Updating the Integration

If changes need to be made to your integration you can update it at any time. To do this go back to the Integration Settings tab in FMX. Then find the integration and select "reconfigure". 

To set up the Jamf Mobile Devices/Computer Integration see this support article

Was this article helpful?

  • 0 out of 0 found this helpful