# Jamf ## Overview Cisco Identity Intelligence can read user and device information from Jamf to determine management status and other security information about your organization's devices to provide additional visibility. The goal of this document is to serve as a guide to set up a data integration between Identity Intelligence and your organization's Jamf environment. ### JAMF Data Integration ### Permission requirements You will need the Admin role in Jamf to add the necessary configuration in Jamf, you will need the Admin role. ### Jamf Pro Configuration Steps 1. Login to Jamf using your Admin account and navigate to **Settings** > **System** 2. Select **API roles and clients**

3. Create a new API role with the following permissions: \ `Read Mobile Devices` `Read Computers` Add the following permissions to enable Device Lockout functionality: `Send Computer Remote Lock Command`\ `Send MDM command information in Jamf Pro API`\ `View MDM command information in Jamf Pro API`

4. Once the new role is created, navigate back to the **API roles and clients** page and create a new client using the role you configured in Step 3

5. Copy the **Client ID** and **Client Secret** for later use in Identity Intelligence ### Identity Intelligence Configuration Steps 1. Login to your Identity Intelligence tenant and navigate to the **Integrations** menu item in the left hand navigation bar 2. Select **Add Integration** 3. Select **Jamf** 4. Enter your desired display name, your **Jamf Instance URL** (ex: `https://foo.jamfcloud.com`), and the Jamf **Client ID** and **Client Secret** referenced above in Step 5 5. Select **Save**