Aptible Comply Documentation

Jamf integration logo

Description

Jamf Pro is a mobile device management (MDM) tool for Apple devices. It gives you a central location to manage your workforce’s devices by creating policies that dictate how the device can be used and providing tools like remote setup, locking, and wiping.

📘

Jamf Pro vs. Jamf Now

Please note that at this time, our Jamf integration requires that your organization be subscribed to Jamf Pro. Jamf Now users may wish to explore using our Events API to post device specific evidence into Comply.

Benefits

Up-to-date asset inventory
By integrating with JAMF, you'll quickly create an inventory of all your JAMF-managed devices (laptops, phones, etc.) Additionally, you can leverage Procedures to automatically trigger processes when devices are added or removed from JAMF.

Automatic associations to people
We use the email on the Jamf device to automatically associate it to the workforce member that uses it if they're tracked in your asset inventory.

Device security monitoring and evidence
Every month, Comply will scan your devices to ensure they have disk encryption and automatic updates enabled. Read more about events and automations here and scroll down to see details on the specific events this integration provides.

Security

We use a read-only service account with only the permissions we need to sync your phones and laptops.

Automations

Automation

Description

Returns

Framework Mappings

Disk Encryption

Ensures that all boot partitions are encrypted for computers managed in JAMF as part of a Computer Config Scan; i.e., if one of these event tags match: Device Encrypted

Comply creates an issue if one or more boot partitions is unencrypted, or if no partitions are found on the computer; i.e., if one of these event tags match:
Disk Unencrypted, Disk Encryption Unknown.

ISO: A.10.1.1

SOC 2: CC6.1, CC6.7

HIPAA: 164.310(c), 164.312(a)(2)(iv), 164.312(e)(2)(ii)

Events

Our Jamf integration will trigger a Computer Config Scan event immediately after the integration is connected and on a monthly basis thereafter.

Automatic Updates (Computers only):

  • Automatic Updates On - Automatic updates are enabled.
  • Insecure Password Policy - Automatic updates are not enabled.
  • Unknown Password Policy - No automatic update policy was found on the device.

Device Encryption (Computers only):

  • Device Encrypted - All boot partition are encrypted.
  • Disk Unencrypted - At least 1 boot partition is unencrypted.
  • Disk Encryption Unknown - No partitions were found on the device.

OS Version (Computers only):

  • The current OS version is provided as a tag (e.g. iOS 13.6 or macOS 10.15.6).

Setup

  1. Navigate to the Integrations tab in Comply, click Add Integration, and select Jamf.
  2. Create a Jamf user account with the following permissions:
    • Read Mobile Devices
    • Read Computers
  3. Enter the account username and password in the form.
  4. Enter the Jamf Pro domain name. Note that you only need to enter the subdomain. For example, if your Jamf Pro domain was healthco.jamfcloud.com, you would only enter healthco in the form.

Troubleshooting

The most common problems when setting up the integration are:

  • Incorrect permissions on the service account.
  • Mistakes entering the username, password, or account subdomain.
  • At this time, Support for this integration is currently limited to Jamf Pro subscribers.

If you receive an error message when trying to sync your integration, please check the above items and contact [email protected] if the problem persists.

Updated 3 months ago


Jamf


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.