Love the ITS Jamf Integration, but wishyou could do more with Jamf Policies in ServiceNow?
Jamf Policies provide a powerful and flexible way to automate remote management tasks in Jamf Pro. Placing a user into a Jamf policy scope or group can remotely trigger actions like granting administrative permissions, delivering and removing software, or running scripts to perform security/system admin tasks.
Now you can orchestrate any Jamf Policy from ServiceNow with the ITS Jamf Integration Version 1.2.2!
Our latest release includes the ITSJamfPolicyUtil - a public scripting library with functions that allow you to import policies from the Jamf API and automate policy membership in ServiceNow workflows and catalog items.
Trigger the following from any ServiceNow contexts (Workflows, UI Actions, Flow Designer, or Scheduled Jobs for example):
Import Jamf Policies
Jamf Policy automation – Add / remove computers to Jamf groups or policy scopes
Check Membership of Policy Scopes or Groups
1. Import policies from the Jamf API with the getJamfPolicies method. Use this function to import Jamf policy names and ID’s. These can be used in the next steps to automate or check policy membership.
2. Automate Jamf Policy Membership – Add or Remove Computers You can add computers directly to a policy scopeor to a group which is attached to the scope. There are also corresponding ‘remove’ methods to remove from a policy or group.
moveComputerToGroup/ removeComputerFromGroup– use these methods to add a computer to,or remove from, a policy group.Theyboth accept three parameters (computerArray, groupId, instanceURL) and they will log an ‘ITSJamfUtil’ error if an exception is caught. Pass in an array of one or more Jamf computer IDs as the first parameter, the JamfGroupID for the second param, and the Jamf Instance URL as the third parameter. To remove a computer, use the separate removeComputerFromGroup method.
moveComputerToPolicy/ removeComputerFromPolicy– use this method to add a computer directly to, or remove from, a policy scope instead of a group. Just like the previous method, pass an array of one or more Jamf computer IDs for the first argument, but pass the ID of a Jamf policy for the second argument instead of a group ID. The third argument will be the Jamf Instance URL again.
3. Check Policy Membership We’ve included two methods to help you quickly check whether a computer is already a member of a given Jamf policy or group. These can be useful after automating a membership change.
Example: Tying it all together and finding your Flow
Once you’ve got Policies imported and you’re familiar with the methods in the ITSJamfPolicyUtil, these functions are ready to use in any custom workflows, scheduled jobs, or service catalog items you want to build out.
Here’s a simple exampleworkflow which checks if a computer is in a Jamf Policy Scope and adds them if they aren’t already a member so that the change will take place next time they check in to Jamf:
Looks simple, right? You can take it to the next level by adding error handling, notifications, and any other ITSM and ITOM functionalityexpected by your user base and the teams that support them!
Thanks for reading! We hope you get something out of this functionality. If you need help getting started, or if you want to share something cool you’ve built with this functionality, please check out our jamf page!