Skip to main content
Connect to Jamf Pro using OAuth client credentials
This guide walks you through creating an API client in Jamf Pro and connecting it to Ravenna.

Prerequisites

Before you begin, ensure you have:
  • Jamf Pro instance (Jamf Cloud or self-hosted)
  • Admin access to Jamf Pro
  • Your Jamf Pro server URL

Setup guide

Create API client in Jamf Pro

1

Navigate to API settings

  1. Sign in to your Jamf Pro web interface
  2. Navigate to Settings > System > API Roles and Clients
2

Create API role

  1. Click the API Roles tab
  2. Click New to create a new role
  3. Enter the following details:
    • Display Name: Ravenna Integration
    • Privileges: Select the following:
      • Read Computers
      • Read Computer Inventory Collection
      • Read Users
  4. Click Save
These are minimum required permissions for basic device lookup. For additional workflow actions, add the following privileges:Lock Computer action:
  • View MDM command information in Jamf Pro API
  • Send Computer Remote Lock Command
  • Send MDM command information in Jamf Pro API
  • Create Computers
Get FileVault Recovery Key action:
  • View Disk Encryption Recovery Key
3

Create API client

  1. Click the API Clients tab
  2. Click New to create a new client
  3. Enter the following details:
    • Display Name: Ravenna
    • API Role: Select the role you created in the previous step
    • Access Token Lifetime: 30 minutes (default)
    • Enabled: Yes
  4. Click Save
4

Generate client credentials

  1. After saving, click Generate Client Secret
  2. Copy both the Client ID and Client Secret
The client secret is only shown once. Store it securely before closing this dialog.

Add integration in Ravenna

1

Navigate to integrations

  1. Go to Settings > Integrations
  2. Find Jamf Pro in the Device Management section
2

Select Jamf Pro

Click Connect on the Jamf Pro integration card
3

Configure credentials

Provide the following information:
serverUrl
string
required
Your Jamf Pro server URL (e.g., https://company.jamfcloud.com)
For Jamf Cloud, use your organization’s Jamf Cloud URL. For self-hosted instances, use your custom domain.
clientId
string
required
The client ID from your Jamf Pro API client
clientSecret
string
required
The client secret you generated in Jamf Pro
4

Complete setup

Click Connect to complete the integration. This will:
  1. Obtain an access token using your credentials
  2. Test connectivity to your Jamf Pro server
  3. Verify API permissions

Troubleshooting

Cause: Client credentials are invalid or the API client is disabledSolution:
  • Verify the client ID and secret were copied correctly
  • Check that the API client is enabled in Jamf Pro
  • Ensure the server URL is correct and accessible
  • Generate a new client secret if needed
Cause: Cannot reach Jamf Pro server URLSolution:
  • Verify the server URL is correct and accessible
  • Ensure the URL includes the protocol (https://)
  • For self-hosted instances, verify DNS resolution and firewall rules
Cause: API role doesn’t have required permissionsSolution:
  • Verify the API role includes “Read Computers” and “Read Computer Inventory Collection” permissions
  • Update the role with additional permissions if needed
  • Ensure the API client is assigned to the correct role
Cause: Cannot match user to a Jamf Pro deviceSolution:
  • Verify the device is enrolled in Jamf Pro
  • Check that User and Location information is populated on the device
  • Ensure the user’s email matches the device assignment in Jamf Pro