TN 5263: Jamf Import

Computer and device records and details can be imported from Jamf to AllSight

Deploying the KeyAccess client to endpoints is the best way to inventory your MacOS computers in AllSight. However there are certain pieces of information that are not available from the hardware, which may be in your MDM solution. For example, Jamf has a tie in to Apple warranty information using GSX. By importing that data from Jamf, you can get all your asset details in one platform.

AllSight has no agent for mobile platforms like iOS. However we can import all the hardware and App information gathered by Jamf so you can have your iOS devices with your other Computer records in AllSight. You can then tie these to Purchase records and perform other asset management tasks, including loaner checkout. Additionally, you might use an Incident Management tool we integrate with, like Team Dynamix or ServiceNow. By leveraging the features of AllSight you can have all your assets in your incident management solution. Note that in a seat based entitlement of our platform, Imported records do not count to your limit.

Note that iOS devices are classified as Computers in the AllSight platform. Our use of the word Device relates to peripherals like monitors and printers.

Using the Script

For full information on enabling and scheduling scripts, see this document. Generally speaking, enabling and scheduling scripts is more friendly in the Web UI than KeyConfigure, and the screenshots below are from the former.

Note that as of March 2024 we are aware Jamf is removing basic auth in their API. As such customers should make sure their script is up to date so as to be able to use ID and Secret instead of Name and Password.

     

The script will import and/or sync data from Jamf for MacOS, iOS, and/or tvOS devices. The top 3 options in the script configuration dialogue set which of these asset types you want to act on. The drop down sets the Operation Mode to either create, update or both. If assets do not exist in KeyServer that are in Jamf, they will be created in the Imported state. For MacOS, a KeyAccess client that later connects and matches on a serial based ID will move the record to Dedicated and supply the normal KeyAccess based data. Additional information like warranty status can be pulled in as well, especially if you have a GSX account configured in Jamf.

The option to Set Owner field from imported data will set the Owner field in our Asset pane to the assigned user in the Jamf record.

Write to Log is useful for diagnostic troubleshooting if you're not seeing data get imported.

     

Instance should be the FQDN of your Jamf instance only. Do not put URL syntax in front. In the event of a nonstandard port you can append that in normal syntax such as jamf.mysite.com:8443.
The account used for the User and Password needs sufficient access to read the computer and device records in Jamf that you want to import.

Imported Data

The script compares serial numbers of records in AllSight and Jamf. When a match is found, some fields can be updated in AllSight from the Jamf data. If there is no match, a new record can be created. The script options will allow for Import, Update, or Both.

Providing the data is in Jamf, these fields will be populated in AllSight when a Computer record is created by this import:

computerOEMSerial
computerUUID
computerAssetID
computerLastAudit
computerName
computerManufacturer
computerModel
computerOSVersion
computerDiskSize
computerFreeSpace
computerAddress
computerMACAddress
computerUserName
computerPlatform
computerOSType
computerRAMSize
computerCPUType
computerCPUSockets
computerCPUCount
computerCPUClock
computerOwner
computerDepartment
computerBuilding
computerRoom
computerPurchaseDate
computerLeaseEndDate
computerWarrantyDate
computerServiceURL

In the case of a computer already existing in AllSight, provided there is data in Jamf the following will be Updated:

computerOwner
computerDepartment
computerBuilding
computerRoom
computerPurchaseDate
computerLeaseEndDate
computerWarrantyDate
computerServiceURL

For iOS devices, the import will also include Apps in the form of Packages. See the linked document for information on viewing Packages and using the Show Packages script in KeyConfigure. Package data can not be viewed in the Web UI at this time. Note you can add these Packages to manual Products if you would like to be able to easily see install information in KeyConfigure -> Products or the Web UI Software page. Putting these Products in a Policy however will not gather Usage data as again there is no active agent on the iOS devices to track those launches.

Software is not pulled from Jamf for MacOS devices as it would conflict with our internal data when the KeyAccess client reports a full audit.