Connect Jamf to Anzenna
Integrate Anzenna with Jamf Pro to monitor macOS and iOS device inventory, policies, and security compliance.
Prerequisites
- Jamf Pro administrator access
- Anzenna account
- Ability to create API roles and clients
Overview
The integration provides:
Device inventory (computers and mobile devices)
- Policy compliance monitoring
- User account tracking
- Security posture assessment
- Optional: Remote remediation capabilities
Step-by-Step Instructions
Part 1: Start in Anzenna
Log into
app.anzenna.ai
Find the Jamf integration card
- Click to view integration settings
Enter your Jamf instance URL:
https://<yourinstance>.jamfcloud.comLeave this page open - you'll return to complete the connection
Part 2: Create API Role in Jamf
Log into your Jamf Pro instance
Navigate to Settings > System > API Roles and Clients
Click New to create a new API Role
Enter role details:
- Name:
Anzenna Read-Only - Display Name:
Anzenna Integration
- Name:
Part 3: Configure API Role Privileges
Grant the following required privileges:
Computer Management:
- Read Computers
- Read Smart Computer Groups
- Read Static Computer Groups
Mobile Device Management:
- Read Mobile Devices
User Management:
- Read User
- Read User Extension Attributes
- Read Accounts
Policy Management:
- Read Policies
Optional - For Disk Encryption Recovery:
- View Disk Encryption Recovery Key
Optional - For FileVault Recovery:
- View Recovery Lock
Click Save to create the API role
Part 4: Optional Remediation Privileges
If you want Anzenna to perform remote actions:
Add these additional privileges:
Policy Management:
- Create Policies
- Delete Policies
Script Management:
- Read Scripts
- Create Scripts
- Delete Scripts
Group Management:
- Create Smart Computer Groups
- Delete Smart Computer Groups
Part 5: Create API Client
In Jamf, stay in API Roles and Clients section
Click New to create a new API Client
Enter client details:
- Name:
Anzenna Enabled: Yes
- Name:
Under Assign API Role, select the role you just created (
Anzenna Read-Only)Click Save
Part 6: Generate Client Secret
After creating the client, click Generate Client Secret
Copy the Client Secret immediately
The client secret is only shown once. Store it securely.
Also copy the Client ID from the API Client details
Part 7: Complete Connection in Anzenna
Return to Anzenna integrations page
Paste the Client ID into the designated field
Paste the Client Secret into the secret field
Optional: Enable remediation features if you granted those privileges
Click Save to establish the connection
Verify integration shows as Connected
Verification
- Wait 15-30 minutes for initial sync
Navigate to Devices dashboard in Anzenna
- Verify Jamf-managed devices are appearing
- Check policy compliance data is visible
- Review user information is syncing
What Data is Collected
Device Inventory
- Computer details (Mac)
- Mobile device details (iOS/iPadOS)
- Hardware specifications
- OS versions
- Serial numbers
- Last check-in times
Security Posture
- FileVault encryption status
- Firewall settings
- Gatekeeper status
- System Integrity Protection
- Security patch levels
Policy Compliance
- Applied policies
- Compliance status
- Policy failures
- Configuration profiles
User Information
- Assigned users
- User accounts
- Extension attributes
- Department/location data
Remediation Capabilities
With remediation privileges enabled:
Create policies - Deploy security configurations
Execute scripts - Run remediation scripts
Manage groups - Dynamic device grouping
Lock devices - Remote device lock
Wipe devices - Remote wipe capability
Troubleshooting
Connection Fails
Unable to establish connection:
Verify Jamf instance URL is correct (include
https://and.jamfcloud.com)- Check Client ID and Secret are accurate
- Ensure API client is enabled in Jamf
- Confirm API role has required privileges
Try regenerating Client Secret if connection repeatedly fails
Check if Jamf instance is accessible from Anzenna (no firewall blocks)
No Data Syncing
Devices or policies not appearing in Anzenna:
Wait 30 minutes for initial sync to complete
Verify devices are enrolled in Jamf and actively managed
Check API role has all required Read privileges
Ensure devices have checked in to Jamf recently
- Review device enrollment status in Jamf
- Check Anzenna logs for sync errors
Permission Errors
Access denied or insufficient privileges errors:
- Review API role privileges in Jamf
Verify all required scopes are granted (see Part 3 above)
Check API client is assigned to correct role
- Ensure API client isn't disabled
Confirm no recent changes to API role configuration
Try creating a new API client if issues persist
Client Secret Issues
Secret expired or invalid:
Client secrets don't expire, but can be regenerated
- If you lost the secret, generate a new one
- Update Anzenna with new secret immediately
Verify no extra spaces when pasting credentials
Best Practices
Start read-only - Add remediation later if needed
Test with pilot group - Verify data collection first
Document credentials - Store Client ID/Secret securely
Regular reviews - Audit privileges quarterly
Monitor health - Check sync status weekly
Related Resources
Need help? Contact
Anzenna Support
for assistance.