Frontline Inventory & Help Desk Management
Frontline Inventory & Help Desk Management

Jamf Pro MDM Integration Guide

Print

Frontline Asset Management integrates with Jamf Pro (computers and mobile devices) to keep Apple device data in sync with your asset records.

The nightly integration:

  • Pulls key device properties from Jamf Pro.
  • Displays those properties in asset records, grids, reports, and exports.

Synced Data Fields

Asset Management MDM Field Jamf Pro Computer Jamf Pro Mobile Device
Device Name name udid
External IP lastIpAddress ipAddress
Internal IP lastReportedIp ipAddress
Last Login Date
Last Login User username username
Last Seen Date lastContactTime lastInventoryUpdateTimestamp
Latitude / Longitude location.position (only when device is designated as “lost” in Jamf)
MAC Address macAddress wifiMacAddress
MDM Status
Operating System version osVersion
Note: Fields marked “—” are not provided by Jamf for that device type.

Accessing Integration Settings

am manage jamf pro integration settings.png

Administrators configure and monitor the integration in Management > Integration Settings > Jamf Integrations.

UI Element Purpose
Job History Shows each nightly ETL run with start time, job name, status, and notes.
Initiate One-Time Sync Runs an on-demand sync.
Client ID / Client Secret OAuth credentials from Jamf.
Service Endpoint Completes OAuth handshake.
Save Your Jamf Pro URL.
Note: If the client ID/secret are not yet populated, complete Jamf Pro setup and authorization to set up the sync.

Jamf Pro Setup & Authorization

Note: Jamf’s UI may change, but the essentials remain the same: create an API role with the required read privileges for computers, mobile devices, sites, and users, then either a service account (username + password) for the classic API or an API client to generate a bearer token. Enter the Jamf Pro URL, plus those credentials, in Frontline Asset Management and the nightly sync will run successfully.

Create a Service Account (Classic API) or Bearer Token Role

am authenticate jamf pro.png
  1. In Jamf Pro: Settings > System > User Accounts and Groups > New > Create Standard Account.
  2. On the Account tab, set:
    • Username: assetmgmt_sync
    • Access Level: Full Access
    • Privilege Set: Administrator
    • Access Status: Enabled
  3. Click Save, then store the username and password for Asset Management.
  4. Enter the Jamf Pro URL, username, and password in the “Jamf Integrations” panel in Asset Management, then click Save.
  5. Run Initiate One-Time Sync to verify the connection.

Additional Resource

For a detailed walkthrough, see “Provisioning Asset Management in Jamf Pro."

Monitoring, Verification and Data Access

Nightly Sync Logic

  • Runs once every night.
  • Matches devices by serial number; if there is no serial, there is no update.
  • Duplicate serials trigger a warning and are skipped.

Verifying a Sync

  1. Check the "Job History" grid for "Completed" status.
  2. Open a tag record and confirm MDM fields are populated.
  3. Compare values with Jamf if needed.

Download the Device Import Information Report

  1. Click the Completed link in the "Job History" grid.
  2. On the next page, scroll to the bottom and select Download device import information.
  3. Review the CSV to see which serials were updated, skipped, or not found.

Viewing MDM Data

Where How to Use
“Tag Information” modal View MDM fields for a single asset.
“Tags” grid (Columns) Add MDM columns, filter/sort, then Export for bulk review.

Known Limitations

  • Devices must already exist in Asset Management; the sync does not create new assets.
  • No other bidirectional actions (for example, changing OU or deprovisioning) are supported.
  • MDM fields are read-only and not yet available in audit workflows.
  • Some data points may be blank if Jamf does not supply them for a given device type.
  • Jamf School is not supported.

Frequently Asked Questions

How can I tell if my OAuth credentials have expired?

In Integration Settings > Jamf Integrations, an "Authentication Required" message displays in red when the token is invalid or expired. Validate and reclick Save Jamf settings with a client ID/client secret/service endpoint.

Why did my newly purchased iPad not appear after the sync?

The nightly job updates existing assets only. Import or create the asset in Asset Management (via purchasing spreadsheet import, manual add, or Room Initialization) so the serial number exists before the next sync. Then the integration can populate MDM fields.

Can we sync latitude/longitude or last login date for Jamf endpoints?

Jamf’s current APIs do not supply every value by default. Frontline will monitor Jamf updates and add support if the data become available in the future.

Do I need a Jamf Super Admin authentication for this integration?

Read access to computers, mobile devices, sites, and users is required. Write access is optional, as we do not yet have features for writing back to Jamf.

Was this article helpful?