
Jamf added support for LAPS in April’s Jamf Pro 10.46.0 release.

LAPS is short for Local Administrator Password Solution. It was coined by Microsoft in May 2015 as a solution for automatically rotating passwords of shared IT administrator accounts on end users’ computers. Since then, it’s become a standard industry term used across platforms.

Desktop administrators have added shared IT admin accounts to their end users’ computers for decades for those times when they need to sit in front of a computer or remotely control it and log in. But this practice introduces a few major security problems:

- Typically, these accounts share the same username and password across computers. If the credentials are ever exposed to unauthorized persons, the entire fleet is vulnerable to attack.
- Multiple people know these shared IT admin credentials and they’re easy to reshare to anyone without any means of controlling access.
- Because multiple people know the credentials, end user privacy and sensitive data are at risk without any way to audit who and when someone uses them to access a computer.
- And if a desktop administrator leaves the organization, someone must change the credentials on all the computers and share the updated password with the remaining administrators.

While Microsoft may have developed the LAPS workflow, Jamf Pro is using Apple’s technology in its implementation. Jamf Pro’s LAPS supports all recommended macOS versions listed in Jamf Pro’s System Requirements.

Let’s look at how to use LAPS with Jamf Pro.

- Define the admin account in a PreStage enrollment.
- Review and enable LAPS settings in Jamf Pro.
- Retrieve the local admin username and password

Define the admin account in a PreStage enrollment

Automated Device Enrollment must create the local admin account during enrollment. When Automated Device Enrollment creates the local admin account, it becomes the sole managed Apple admin account. That means LAPS in Jamf Pro can only manage one local admin account.

Jamf Pro administrators define the name of this account in Computers > PreStage Enrollments. Each PreStage enrollment may have its own unique admin username, but computers are still limited to just one managed Apple admin account.

To configure a PreStage enrollment with a managed Apple admin account:

- Create a new PreStage enrollment or edit an existing PreStage enrollment.
- In the Account Settings payload, enable Create a local administrator account before the Setup Assistant.
- Set Username to something like “localadmin” or any single name without spaces.
- Set the Password and Verify Password fields to a known password. (Later, we’ll attempt to authenticate with the known password to verify whether LAPS has rotated it.)
- Choose whether to hide the account and whether to make it MDM-enabled. These settings don’t affect LAPS management.
- Scope and save the PreStage enrollment.

Computers already enrolled using an existing PreStage enrollment are eligible for LAPS management after a Jamf Pro administrator enables the feature.

Review and enable LAPS settings in Jamf Pro

In its initial release, LAPS in Jamf Pro is only available to configure and review via the Jamf Pro API. Jamf will later make LAPS available in the Jamf Pro GUI after refining its feature set. This doesn’t mean administrators need to learn scripting to use LAPS. They can do everything in Jamf Pro’s API pages.

Before setting LAPS, administrators should ensure their Jamf Pro account’s Privilege Set is set to “Administrator”. If the privilege set of their account is set to “Custom”, they should verify they have two new privileges enabled under the Privileges tab > Jamf Pro Server Actions:

- View Local Admin Password Audit History.

Let’s see how LAPS is configured by default:

- Open Jamf Pro server in a web browser and append “/api” to the end of the URL (e.g.
- At the top of the Jamf Pro API page, provide a Jamf Pro username and password (with LAPS privileges) and click Authorize. The account is authorized for 30 minutes before needing to reauthorize.
- Scroll down and click local-admin-password to review its six new endpoints. (Older v1 endpoints may appear, but they’re deprecated and Jamf will remove them later.)
- Click GET /v2/local-admin-password/settings, click Try It Out, and click Execute.
- In the Responses section just below, locate the response body. It’ll display Jamf Pro’s current LAPS settings.

By default, LAPS is turned off (autoDeploymentEnabled is set to “false”). When LAPS is enabled, it’ll rotate passwords on computers once every three months (autoRotationExpirationTime is set to “7776000” seconds). And it’ll rotate a computer’s managed Apple admin account password automatically one hour after it’s been viewed (passwordRotationTime is set to “3600” seconds).

Scroll down and click the next endpoint PUT /v2/local-admin-password/settings. The LAPS settings to update field displays the current settings.
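
The GET and PUT /v2/local-admin-password/settings steps described above can also be scripted. The following is an added example, not code from the original article or from Jamf: it assumes a bearer token obtained separately and a placeholder server URL, uses the field names as quoted on this page, and refuses any change whose key or type does not match the settings the server returned.

```python
"""Added example: read Jamf Pro LAPS settings and build the PUT update.
Field names are the ones quoted on this page; confirm them against your
server's GET response. The server URL and token are placeholders."""
import json
import urllib.request

SETTINGS_PATH = "/api/v2/local-admin-password/settings"
# Constructed sample of the default settings described on this page.
DEFAULTS = {"autoDeploymentEnabled": False, "passwordRotationTime": 3600,
            "autoRotationExpirationTime": 7776000}


def settings_request(base_url, token, body=None):
    """Build a GET (body is None) or PUT request for the LAPS settings."""
    data = None if body is None else json.dumps(body).encode()
    url = base_url.rstrip("/") + SETTINGS_PATH
    method = "GET" if body is None else "PUT"
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def merge_settings(current, changes):
    """Return a copy of current with changes applied, rejecting surprises."""
    merged = dict(current)
    for key, value in changes.items():
        if key not in current:
            raise KeyError(f"{key!r} is not in the server's settings")
        # bool is a subclass of int, so compare exact types
        if type(value) is not type(current[key]):
            raise TypeError(f"{key!r} expects {type(current[key]).__name__}")
        if type(value) is int and value <= 0:
            raise ValueError(f"{key!r} must be a positive number of seconds")
        merged[key] = value
    return merged


def send(req):
    """Send a request built above and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    body = merge_settings(DEFAULTS, {"autoDeploymentEnabled": True})
    req = settings_request("https://jamf.example.com", "TOKEN", body)
    print(req.get_method(), req.full_url, body)
```

Against a real server, pass the result of `send(settings_request(url, token))` to `merge_settings` in place of `DEFAULTS`, so the PUT body always starts from the live settings.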