<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=314913&amp;fmt=gif">

Wish you could do more with Jamf Policies in ServiceNow?

Andrea Veenstra
November 23, 2020

Love the ITS Jamf Integration, but wish you could do more with Jamf Policies in ServiceNow?

Jamf Policies provide a powerful and flexible way to automate remote management tasks in Jamf Pro. Placing a user into a Jamf policy scope or group can remotely trigger actions like granting administrative permissions, delivering and removing software, or running scripts to perform security/system admin tasks.

Now you can orchestrate any Jamf Policy from ServiceNow with the ITS Jamf Integration Version 1.2.2! 

Our latest release includes the ITSJamfPolicyUtil - a public scripting library with functions that allow you to import policies from the Jamf API and automate policy membership in ServiceNow workflows and catalog items.

So, what’s possible? Watch this video to find out!

 

Trigger the following from any ServiceNow contexts (Workflows, UI Actions, Flow Designer, or Scheduled Jobs for example): 

  • Import Jamf Policies 
  • Jamf Policy automation – Add / remove computers to Jamf groups or policy scopes 
  • Check Membership of Policy Scopes or Groups 

Overview: 

1. Import policies from the Jamf API with the getJamfPolicies method.  
Use this function to import Jamf policy names and ID’s. These can be used in the next steps to automate or check policy membership.

2. Automate Jamf Policy Membership – Add or Remove Computers
You can add computers directly to a policy scope or to a group which is attached to the scope. There are also corresponding ‘remove’ methods to remove from a policy or group.

moveComputerToGroup / removeComputerFromGroup use these methods to add a computer to, or remove from, a policy group. They both accept three parameters (computerArray, groupId, instanceURL) and they will log anITSJamfUtil error if an exception is caught.  
 
Pass in an array of one or more Jamf computer IDs as the first parameter, the Jamf GroupID for the second param, and the Jamf Instance URL as the third parameter. To remove a computer, use the separate removeComputerFromGroup method. 

Graphical user interface, text, application

Description automatically generated 

moveComputerToPolicy / removeComputerFromPolicy use this method to add a computer directly to, or remove from, a policy scope instead of a group. 
 
Just like the previous method, pass an array of one or more Jamf computer IDs for the first argument, but pass the ID of a Jamf policy for the second argument instead of a group ID. The third argument will be the Jamf Instance URL again.

A screenshot of a social media post

Description automatically generated

 

 

3. Check Policy Membership
We’ve included two methods to help you quickly check whether a computer is already a member of a given Jamf policy or group. These can be useful after automating a membership change.  
 
Graphical user interface, text, application, email

Description automatically generated

 

 

Example: Tying it all together and finding your Flow 

Once you’ve got Policies imported and you’re familiar with the methods in the ITSJamfPolicyUtil, these functions are ready to use in any custom workflows, scheduled jobs, or service catalog items you want to build out.  

Here’s a simple example workflow which checks if a computer is in a Jamf Policy Scope and adds them if they aren’t already a member so that the change will take place next time they check in to Jamf: 

Looks simple, right? You can take it to the next level by adding error handling, notifications, and any other ITSM and ITOM functionality expected by your user base and the teams that support them!  

Thanks for reading! We hope you get something out of this functionality. If you need help getting started, or if you want to share something cool you’ve built with this functionality, please check out our jamf page!

Contact ITS

Subscribe by Email