Jamf Policies provide a powerful and flexible way to automate remote management tasks in Jamf Pro. Placing a user into a Jamf policy scope or group can remotely trigger actions like granting administrative permissions, delivering and removing software, or running scripts to perform security/system admin tasks.
Our latest release includes the ITSJamfPolicyUtil, a public scripting library with functions that allow you to import policies from the Jamf API and automate policy membership in ServiceNow workflows and catalog items.
So, what’s possible?
Trigger the following from any ServiceNow context (Workflows, UI Actions, Flow Designer, or Scheduled Jobs, for example):
Overview:
1. Import policies from the Jamf API with the getJamfPolicies method.
Use this function to import Jamf policy names and IDs. These can be used in the next steps to automate or check policy membership.
2. Automate Jamf Policy Membership – Add or Remove Computers
You can add computers directly to a policy scope or to a group which is attached to the scope. There are also corresponding ‘remove’ methods to remove from a policy or group.
moveComputerToGroup / removeComputerFromGroup – use these methods to add a computer to, or remove from, a policy group. They both accept three parameters (computerArray, groupId, instanceURL) and they will log an ‘ITSJamfUtil’ error if an exception is caught.
Pass in an array of one or more Jamf computer IDs as the first parameter, the Jamf GroupID for the second param, and the Jamf Instance URL as the third parameter. To remove a computer, use the separate removeComputerFromGroup method.
moveComputerToPolicy / removeComputerFromPolicy – use these methods to add a computer directly to, or remove it from, a policy scope instead of a group.
Just like the previous method, pass an array of one or more Jamf computer IDs for the first argument, but pass the ID of a Jamf policy for the second argument instead of a group ID. The third argument will be the Jamf Instance URL again.
3. Check Policy Membership
We’ve included two methods to help you quickly check whether a computer is already a member of a given Jamf policy or group. These can be useful after automating a membership change.
Example: Tying it all together and finding your Flow
Once you’ve got Policies imported and you’re familiar with the methods in the ITSJamfPolicyUtil, these functions are ready to use in any custom workflows, scheduled jobs, or service catalog items you want to build out.
Here’s a simple example workflow which checks if a computer is in a Jamf Policy Scope and adds it if it isn’t already a member, so that the change will take place the next time it checks in to Jamf:
Looks simple, right? You can take it to the next level by adding error handling, notifications, and any other ITSM and ITOM functionality expected by your user base and the teams that support them!
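One way to add that error handling, together with input checks that matter when a policy can grant administrative permissions, is sketched below. It is an added example, not code from the ITSJamfPolicyUtil library: only moveComputerToPolicy and its (computerArray, policyId, instanceURL) argument order come from this article, while the injected `util` object, the `isInPolicy` callback, numeric IDs, the allowlist values and the return shape are assumptions.

```javascript
// Added example: guarded policy-scope change. `util`, `isInPolicy`, the
// allowlists and the result object are hypothetical; values are constructed.
const ALLOWED_INSTANCE = 'https://example.jamfcloud.com'; // constructed value
const ALLOWED_POLICY_IDS = new Set([42, 57]); // constructed: policies approved for automation

function isPositiveInt(v) {
  return Number.isInteger(v) && v > 0;
}

function ensureInPolicy(util, isInPolicy, computerIds, policyId, instanceURL) {
  // Pin the target instance: a workflow variable must not redirect the call.
  if (instanceURL !== ALLOWED_INSTANCE) {
    return { ok: false, reason: 'instance not allowlisted', added: [] };
  }
  // Policies can grant admin rights, so only pre-approved IDs are automated.
  if (!isPositiveInt(policyId) || !ALLOWED_POLICY_IDS.has(policyId)) {
    return { ok: false, reason: 'policy not approved for automation', added: [] };
  }
  // Reject empty lists and anything that is not a plain numeric computer ID.
  if (!Array.isArray(computerIds) || computerIds.length === 0 ||
      !computerIds.every(isPositiveInt)) {
    return { ok: false, reason: 'invalid computer id list', added: [] };
  }
  try {
    // Skip computers already in scope so the audit trail shows real changes only.
    const missing = [...new Set(computerIds)].filter(
      (id) => !isInPolicy(id, policyId, instanceURL));
    if (missing.length > 0) {
      util.moveComputerToPolicy(missing, policyId, instanceURL);
    }
    return { ok: true, reason: 'done', added: missing };
  } catch (e) {
    // Fail closed and surface the error to the calling workflow.
    return { ok: false, reason: 'jamf call failed: ' + e.message, added: [] };
  }
}

// Constructed stand-ins for the library and the membership check (offline use).
function makeFakeJamf(initialScope) {
  const scope = new Set(initialScope);
  return {
    util: { moveComputerToPolicy: (ids) => ids.forEach((id) => scope.add(id)) },
    isInPolicy: (id) => scope.has(id),
    scope,
  };
}
```

In a real workflow, the returned `reason` and `added` fields would be written to the request's work notes so each scope change is traceable to the ticket that caused it.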
Thanks for reading! We hope you get something out of this functionality. If you need help getting started, or if you want to share something cool you’ve built with this functionality, please check out our Jamf page!