Jamf Pro can be integrated with a network access management service, such as Cisco Identity Services Engine (ISE). Network integration allows the service to communicate with Jamf Pro to verify that the computers and mobile devices on your network are compliant with your organization’s standards. With information from Jamf Pro, the service can determine the level of network access to grant to a computer or mobile device, provide messaging to end users, and refer end users to enroll their computers and mobile devices to Jamf Pro to become compliant.
Note: When the network access management service refers end users to enroll their computer or mobile device with Jamf Pro, an enrollment URL is provided to the user in a webpage when they access the Internet. The end user can then access the enrollment URL to enroll with Jamf Pro via user-initiated enrollment. For more information, see User-Initiated Enrollment Settings.
Network integration can also allow the network access management service to send remote commands to computers and mobile devices via Jamf Pro, including passcode lock and wipe commands.
Creating a network integration instance in Jamf Pro prepares Jamf Pro to integrate with a network access management service. This allows you to do the following:
When sites are defined in Jamf Pro, select the site to add the network integration instance to.
Select the saved advanced computer search and advanced mobile device search to be used by the network access management service to verify computers and mobile devices that are compliant with your organization’s standards. Computers and mobile devices that appear in the search results are reported as compliant to the network access management service.
Specify compliance verification failure and compliance remediation messaging that can be displayed to end users via the network access management service.
Configure the passcode to be used when remotely locking or wiping computers via the network access management service.
After saving the network integration instance, view the network integration URL to be used by the network access management service to communicate with the specific Jamf Pro network integration instance.
Important: When using network integration on a per-site basis in Jamf Pro, ensure that any site-specific configuration profiles and policies in Jamf Pro do not conflict with computer and mobile device compliance verification performed through network integration.
For more information and requirements for configuring your network access management service to communicate with an MDM server, see your vendor’s documentation.
To allow the network access management service to send remote commands via Jamf Pro, your environment must meet the requirements for sending remote commands to computers and mobile devices. For more information, see Remote Commands for Computers and Remote Commands for Mobile Devices.
Adding a Network Integration Instance
Log in to Jamf Pro.
In the top-right corner of the page, click Settings .
Click Network Organization.
Click Network Integration .
Click New .
Note: Only one network integration instance can be added per site in Jamf Pro. If all sites already have a network integration instance, you will not be able to add a new one.
Configure the network integration instance using the settings on the pane, including the site, the advanced computer search and advanced mobile device search to be used for compliance verification, compliance messaging to be displayed to users, and the remote lock and wipe passcode setting for computers.
Note: If you select the “Create Random Passcode” option for the passcode assignment method for computers, to identify the passcode used for a remote lock or wipe on a specific computer, you will need to view the management history for the computer in Jamf Pro. For more information, see Viewing the History for a Computer.
Click Save .
After saving the network integration instance, a unique network integration URL appears at the bottom of the pane. This URL will be used by the network access management service to communicate with the specific Jamf Pro network integration instance.
For related information, see the following sections in this guide: