Pairing Jamf Pro with Okta Workflows to automate Mac management tasks

Okta Workflows and Jamf Pro

Okta Workflows is a low-code automation tool with a built-in connector library for industry-famous SaaS software. It supports custom HTTP calls, data manipulation actions and database functionality. Okta Workflows integrates with the Jamf API, with various levels of customization and ability — from the Jamf Connector with built-in actions to the Jamf Connector with custom API action or a totally custom API connector. Oliver talks about the differences and capabilities of each of these in the session.

Pendo IT solutions

Pendo uses Okta Workflows and the Jamf API to simplify automation further. Some solutions offered are:

• Computer regular check-in enforcement
• Associating computer with Okta user
• Updating Jamf computers’ records upon offboarding

Computer regular check-in enforcement

This solution aimed to solve the issue of computers skipping check-in to Jamf. Pendo offered two solutions:

1. Request that employee run Self-Service policy after 7 days.
2. Raise IT support ticket after 10 days

To build solution number one, Oliver created a Jamf Smart Group based on the last check-in for active, enrolled devices, then created a Jamf webhook to alert for Smart Group membership changes, with the URL pointing to the Okta Workflows API endpoint URL. From here, Okta Workflows can see whether or not a device has checked in. Oliver goes into detail in his presentation, explaining the solution’s structure, how the Jamf webhook is parsed and how the username is fetched based on computer ID.

Solution two was built similarly, but the ticket ID was added to the Okta Workflows database. Oliver explains why this ticket ID and keeping data in Okta Workflows tables is important.

Associating computer with Okta user

This solution was built to save time updating Jamf assets on Pendo’s web portal when enrolling a computer. It searches for an Okta user based on asset data and populates the location subset. In the presentation, Oliver diagrams the automation structure and shows the components of the Okta Workflow.

Updating Jamf computers’ records upon offboarding

The goal of this solution was to exclude offboarded users’ computers from ongoing automations, preventing false alerts. The “computer regular check-in enforcement” solution excludes the group “Inactive devices,” which includes computers that are pending wipe, stolen or lost. These computers are identified with text in their computer name. This solution helps append text like “(pending wipe)” to offboarded employees’ computers’ names.

This automation is triggered by Okta account deactivation. From here, all computers associated with the user get “(pending wipe)” appended to the computer name.