Connect Kandji to Anzenna
Integrate Anzenna with Kandji to monitor Mac, iPhone, and iPad device management, security posture, and compliance.
Prerequisites
- Kandji administrator access
- Anzenna account
- Ability to create API tokens in Kandji
Overview
The integration provides:
- Device inventory and status
- Security compliance monitoring
- Prism threat data visibility
- Application inventory
- Optional: Remote remediation
Step-by-Step Instructions
Part 1: Log into Kandji
Navigate to your Kandji portal
Click Continue with Google (or your authentication method)
- Complete authentication
Part 2: Create API Token
Once logged in, click Settings (gear icon)
Select Access from the settings menu
Click Add Token
Enter token details:
- Name:
Anzenna - Description:
Integration with Anzenna for security monitoring
- Name:
Click Create Token
Part 3: Configure Token Scopes
Review the security warning about API token access
Check the acknowledgment box
Click Next
Part 4: Select Required Scopes
Grant the following required scopes:
Device Information:
- Device Details
- Device List
Application Data:
- Application Information
Prism Security:
- Prism Data Access
Optional - For Remediation:
- Device Actions
- Script Execution
- Policy Management
Click Save to create the token
Part 5: Copy API Token
Copy the API token immediately after creation
The API token is only displayed once. Store it in a secure password manager.
Part 6: Get API URL
While in Kandji settings, note your API URL
Format: https://your-instance.api.kandji.io
The API URL is typically shown in the API documentation or token creation screen. It uses your Kandji subdomain.
Part 7: Connect in Anzenna
Log into Anzenna at
app.anzenna.ai
Navigate to Settings > Integrations
Find the Kandji integration card
Toggle the switch to enable the integration
Paste the API token into the Token field
Enter your API URL:
https://your-instance.api.kandji.ioClick Save to establish the connection
Verify status shows Connected
Verification
Check integration shows Connected in Anzenna
- Wait 15-30 minutes for initial sync
Navigate to Devices dashboard
- Verify Kandji-managed devices appear
- Check security posture data is visible
What Data is Collected
Device Inventory
- Mac computers
- iPhones and iPads
- Serial numbers
- Model information
- OS versions
Device Status
- Online/offline status
- Last check-in time
- Enrollment status
- MDM profile status
Security Posture (Prism)
- Malware detections
- Suspicious processes
- Security threats
- Compliance violations
Applications
- Installed applications
- Application versions
- Managed vs unmanaged apps
- License information
Compliance Data
- Policy compliance status
- Configuration profiles
- Security settings
- Certificate status
Prism Integration
Kandji Prism provides advanced threat detection:
- Real-time threat monitoring
- Behavioral analysis
- Process monitoring
- Network activity tracking
- Automated threat response
Anzenna collects Prism data to:
- Correlate threats across systems
- Identify patterns
- Enhance detection accuracy
- Provide unified security view
Remediation Capabilities
With remediation scopes enabled:
Remote lock - Secure lost/stolen devices
Remote wipe - Erase device data
Execute scripts - Run custom remediation
Install applications - Deploy security tools
Update policies - Apply configuration changes
Troubleshooting
Connection Fails
Unable to establish connection:
Verify API token copied correctly (no extra spaces or line breaks)
Check API URL format matches your Kandji subdomain exactly
- Ensure token hasn't been revoked in Kandji
Confirm token has all required scopes (Device List minimum)
Try generating a new API token if connection repeatedly fails
Check network connectivity between Anzenna and Kandji
No Data Appearing
Devices or inventory not syncing to Anzenna:
Wait 30 minutes for initial sync to complete
Verify devices are enrolled in Kandji and actively managed
- Check token has Device List scope enabled
Ensure devices have checked in to Kandji recently
Review device enrollment status in Kandji dashboard
- Check for any sync errors in Anzenna logs
Verify devices are not in a "pending" enrollment state
Prism Data Missing
Threat detection data not available:
Verify Prism Data Access scope is granted to your API token
Check that Prism is enabled for your Kandji instance
Ensure target devices have Prism agent installed
Wait for Prism data collection cycle (can take 1-2 hours)
Confirm devices are online and communicating with Kandji
Check Prism configuration in Kandji settings
Token Expires or Becomes Invalid
Authentication errors after initial setup:
Tokens don't expire by default in Kandji, but can be revoked
If token was revoked, create a new token with same scopes
- Update the token in Anzenna immediately
- Test connection after updating credentials
Verify no one has modified API token settings in Kandji
Check token hasn't been accidentally deleted
Security Considerations
API token security - Store in password manager
Scope limitation - Only grant necessary permissions
Read-only default - Remediation requires explicit scopes
Audit logging - All API access logged in Kandji
Token rotation - Consider annual rotation
Best Practices
Minimal scopes - Start with read-only access
Document token - Record where stored and granted scopes
Monitor initially - Watch for errors in first 48 hours
Test remediation - Verify in sandbox before production
Regular audits - Review token access quarterly
Prism enablement - Ensure Prism deployed to all devices
API URL verification - Confirm matches your instance
Integration Maintenance
Regular Checks
Perform monthly:
- Verify connection active
- Check data freshness
- Review sync timestamps
- Test sample queries
Token Management
Best practices:
- Store securely in vault
- Document scopes granted
- Set calendar reminder for annual review
- Have rollback plan for token changes
Kandji Updates
After Kandji platform updates:
- Test API connectivity
- Verify data still syncing
- Check for new available scopes
- Update documentation if needed
API Rate Limits
Kandji enforces API rate limits:
- Monitor usage in Kandji admin
- Anzenna automatically handles throttling
Contact Kandji support if limits are reached
- Consider upgrading plan for higher limits
Related Resources
Need help? Contact
Anzenna Support
for assistance.