JAMF Pro
JAMF Pro enables Apple device data synchronization from your JAMF Cloud instance. This integration is intended for districts that manage macOS, iOS/iPadOS, and tvOS devices through JAMF Pro and want richer device detail inside Manage1to1 without changing how inventory is managed.
Manage1to1 supports JAMF Cloud instances only. On-premise JAMF Pro servers are not supported.
Before You Start
To configure JAMF Pro integration, you will need:
- Administrator access to your JAMF Cloud instance
- The URL of your JAMF Cloud instance (e.g.,
https://yourschool.jamfcloud.com) - An API Client with appropriate permissions (see below)
Step 1: Create API Credentials in JAMF Cloud
Manage1to1 connects to JAMF Cloud using API Client Credentials (OAuth2).
Create an API Role
- Log in to your JAMF Cloud instance
- Navigate to Settings → System → API Roles and Clients
- Click New under API Roles
- Name the role (e.g., "Manage1to1 Integration")
- Assign the following Read privileges:
| Privilege | Purpose |
|---|---|
| Read Computers | Sync macOS device data (model, OS, storage, security, apps) |
| Read Mobile Devices | Sync iOS/iPadOS and tvOS device data |
| Send Computer Remote Lock Command | Required only if using Device Disable for Macs |
| Send Mobile Device Remote Lock Command | Required only if using Device Disable for mobile devices |
| Send Mobile Device Lost Mode Command | Required only if using Lost Mode |
| Update User | Required only if using Checkout Writeback |
Start with just Read Computers and Read Mobile Devices. You can add the optional permissions later if you enable Checkout Writeback, Device Disable, or Lost Mode.
Create an API Client
- Under API Roles and Clients, click New under API Clients
- Name the client (e.g., "Manage1to1")
- Assign the API Role you just created
- Enable the client
- Note the Client ID and Client Secret — you'll need these in Manage1to1
The Client Secret is only displayed once when the client is created. Copy it immediately and store it securely. If lost, you'll need to regenerate the secret.
Step 2: Activate JAMF Pro in Manage1to1
Navigate to Settings → MDM Settings in Manage1to1.
Locate the JAMF Pro tile and select Activate.
Step 3: Configure the Connection
After activating, you will be prompted to enter your JAMF Pro connection details:
- JAMF Pro URL — Enter your JAMF Cloud URL (e.g.,
https://yourschool.jamfcloud.com) - API Client ID — Enter the Client ID from Step 1
- API Client Secret — Enter the Client Secret from Step 1
- Select Test Configuration to verify the connection
- Save the configuration
If the test succeeds, Manage1to1 can communicate with your JAMF Cloud instance.
Step 4: Sync Device Data
After configuration, device data will begin syncing automatically. Manage1to1 syncs with JAMF Pro periodically throughout the day.
You can also view the latest JAMF Pro data for any individual device by opening the device info panel and selecting Refresh Now.
Manage1to1 syncs JAMF Pro data only for active devices. Devices with a status that has auto-hide enabled (e.g., Released, Retired) are excluded from sync to avoid unnecessary API calls for devices no longer in use.
A device must exist in Manage1to1 first (with a matching serial number) before data will sync. Devices that exist only in JAMF Pro are not automatically imported into Manage1to1.
What Data Syncs
Manage1to1 pulls comprehensive device details from JAMF Pro. The data available varies by device type:
All Device Types
| Data | Description |
|---|---|
| Device Name | The name assigned to the device in JAMF |
| Model | Full model name (e.g., "MacBook Air (M1, 2020)", "iPad (A16)") |
| OS Version | Operating system version and build number |
| Last Check-In | When the device last contacted JAMF Pro |
| IP Address | Last known IP address |
| WiFi MAC Address | Device wireless MAC address |
| Supervised | Whether the device is supervised |
| Managed | Whether the device is under MDM management |
| Ownership | Device ownership level (Institutional or Personal) |
| Enrollment Method | How the device was enrolled (PreStage/DEP, User-Initiated, etc.) |
| Configuration Profiles | Number of profiles installed on the device |
macOS Computers (MacBooks, iMacs, Mac Minis, etc.)
| Data | Description |
|---|---|
| Processor | Chip type and core count (e.g., "Apple M1 (8-core)") |
| Memory | Installed RAM |
| Storage | Disk capacity, used space, and percentage (shown as a progress bar) |
| Battery Level | Current charge percentage (laptops only — not shown for desktops) |
| Battery Health | Battery condition — Normal, Service Recommended, etc. (laptops only) |
| FileVault | Disk encryption status |
| SIP | System Integrity Protection status |
| Gatekeeper | macOS security gate status |
| Firewall | Whether the firewall is enabled |
| Activation Lock | Whether Activation Lock is enabled |
| Installed Apps | Number of applications installed |
iOS/iPadOS Devices (iPads, iPhones)
| Data | Description |
|---|---|
| Storage | Device capacity, used space, and percentage (shown as a progress bar) |
| Battery Level | Current charge percentage (shown as a progress bar) |
| Battery Health | Battery condition — Normal, Service Recommended, etc. |
| Passcode | Whether a passcode is set on the device |
| Activation Lock | Whether Activation Lock is enabled |
| Installed Apps | Number of applications installed |
tvOS Devices (Apple TVs)
Apple TVs sync basic information (name, model, OS version, IP, profiles) but do not report storage, battery, or app data.
This data appears on the device profile in Manage1to1 and is used to power MDM Statistics and Reports.
Matching Behavior
JAMF Pro sync matches devices by serial number. Matching is case-insensitive — a serial entered as f0c65qynw1 in Manage1to1 will match F0C65QYNW1 in JAMF Pro.
For a device to sync:
- The device must exist in Manage1to1
- The serial number in Manage1to1 must match the serial number in JAMF Pro
- The device must not be hidden (devices with an auto-hide status are skipped)
If a device does not match, Manage1to1 skips it rather than creating a new record. This protects districts from inventory drift caused by old or retired devices still present in JAMF Pro.
Optional Features
Checkout Writeback
When enabled, Manage1to1 updates the assigned user field in JAMF Pro whenever a device is checked out or checked in. This keeps JAMF Pro user assignments in sync with your Manage1to1 checkout records.
Requires: Update User permission on the API role.
Device Disable
When enabled, administrators with the appropriate Manage1to1 permissions can remotely lock a device directly from Manage1to1. This sends a lock command through JAMF Pro.
- For macOS computers, this sends a device lock command
- For iOS/iPadOS devices, this enables or disables Lost Mode
Requires: Send Computer Remote Lock Command and/or Send Mobile Device Remote Lock Command permissions on the API role.
Lost Mode
When enabled, marking a device as lost in Manage1to1 will automatically enable Lost Mode on the device through JAMF Pro. You can configure a custom message that displays on the device's lock screen.
Lost Mode is supported on supervised iOS/iPadOS devices. macOS devices receive a lock command instead.
Requires: Send Mobile Device Lost Mode Command permission on the API role.
Common Troubleshooting
Connection test fails
- Verify the JAMF Cloud URL is correct and includes
https:// - Confirm the Client ID and Client Secret are entered correctly
- Check that the API Client is enabled in JAMF Cloud
- Verify the API Client has at least Read Computers and Read Mobile Devices permissions
Devices are not syncing
- Verify the device exists in Manage1to1 with the correct serial number
- Confirm the device is enrolled and visible in JAMF Pro
- Check that the device is not hidden in Manage1to1 (hidden devices are excluded from sync)
- Allow up to one sync cycle for new devices to appear
Some device data is missing
- Not all fields are available for every device type — for example, desktops don't report battery, and Apple TVs don't report storage
- Recently enrolled devices may not have all data populated until their next JAMF check-in
- Security data (SIP, Gatekeeper, Firewall) requires the device to have completed an inventory report — newly enrolled devices may show these as blank initially
Checkout Writeback not updating JAMF Pro
- Verify the Checkout Writeback toggle is enabled in the JAMF Pro settings
- Confirm the API role includes the Update User permission