Configuring Cloud Identity Provider Attribute Mappings Using the Jamf Pro API

This article explains how to view and modify attribute mappings using the Jamf Pro API when integrating with a cloud identity provider (e.g., Google Secure LDAP). For information about default mappings, see the integration section for your identity provider under Cloud Identity Providers in the Jamf Pro Administrator's Guide.

Configuring cloud identity provider attribute mappings using the Jamf Pro API involves the following steps:

  1. Obtaining the list of configured cloud identity provider instances

  2. Obtaining the current attribute mappings configuration for a specific instance

  3. Updating the attribute mapping configuration for a specific instance

Note:

In the steps below, replace YOUR_JAMF_PRO_URL with the correct URL of your Jamf Pro instance and YOUR_BEARER_TOKEN with the token issued for the appropriate user account. Use the https://YOUR_JAMF_PRO_URL/api/auth/tokens endpoint to obtain the token.

Warning:

As the Jamf Pro API continues to be developed, the default mappings configuration in Jamf Pro may change in a future release. This may impact or break functionality. Manage these settings with care. It is recommended not to change the default configuration in your production environment.

General Requirements

  • User with an administrator account in Jamf Pro
  • Cloud Identity Provider instance added in Jamf Pro

Step 1: Obtaining the List of Configured Cloud Identity Provider Instances

The following code sample demonstrates how to retrieve the list of all configured cloud identity provider instances:

curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer YOUR_BEARER_TOKEN' 'https://YOUR_JAMF_PRO_URL/api/v1/cloud-idp'

The response contains all configured instances with their identifiers.

Step 2: Obtaining the Current Attribute Mappings Configuration for a Given Instance

Google Secure LDAP

The following code sample demonstrates how to retrieve the current attribute mappings configuration using the identifier (ID) of the instance:

curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer YOUR_BEARER_TOKEN' 'https://YOUR_JAMF_PRO_URL/api/v2/cloud-ldaps/ID/mappings'

The response contains the attribute mappings configured for the instance.

Azure AD

The following code sample demonstrates how to retrieve the current attribute mappings configuration using the identifier (ID) of the instance:

curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer YOUR_BEARER_TOKEN' 'https://YOUR_JAMF_PRO_URL/api/v1/cloud-azure/ID'

The response contains details of the instance including configured mappings.

Step 3: Updating the Attribute Mapping Configurations for a Specific Instance

Google Secure LDAP

The following code sample demonstrates how to update the attribute mappings configuration using the ID of the instance:

curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Bearer YOUR_BEARER_TOKEN' -d '{
  "userMappings": {
    "objectClassLimitation": "ANY_OBJECT_CLASSES",
    "objectClasses": "inetOrgPerson",
    "searchBase": "ou=Users",
    "searchScope": "FIRST_LEVEL_ONLY",
...
  ]
}' 'https://YOUR_JAMF_PRO_URL/api/v2/cloud-ldaps/ID/mappings'

Note:

The full JSON configuration is not included in the sample for clarity.

Azure AD

The following code sample demonstrates how to update the attribute mapping configurations using the identifier (ID) of the instance:

curl -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Bearer YOUR_BEARER_TOKEN' -d '{
  "cloudIdPCommon": {
    ...
  },
  "server": {
    "id": "1",
    "tenantId": "899878d0-7f02-4ncb-9ao1-37d3dce0f0dz",
    "enabled": true,
    "mappings": {
      "userId": "id",
      "userName": "userPrincipalName",
      "realName": "displayName",
      "email": "mail",
      "department": "department",
      "building": "",
      "room": "",
      "phone": "mobilePhone",
      "position": "employeeType",
      "groupId": "id",
      "groupName": "displayName"
    },
...
  }
}' 'https://YOUR_JAMF_PRO_URL/api/v1/cloud-azure/ID'

Note:

The full JSON configuration is not included in the sample for clarity.
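
The following added example (not part of the original article or of Jamf's own code) shows one way to carry out Steps 2 and 3 with care: start from the configuration returned by the GET request, change only the named mappings, review the resulting diff, and build the PUT request with the complete body. The helper names plan_update and build_put, the sample response and the target value businessPhones are constructed for illustration, and the example assumes that the PUT body must carry the complete configuration returned by the GET request.

```python
import copy
import json
import urllib.request

# Constructed sample of a GET /api/v1/cloud-azure/ID response, trimmed to fields
# shown in the article; the tenantId is a placeholder.
CURRENT = {"server": {
    "id": "1", "tenantId": "TENANT_ID_PLACEHOLDER", "enabled": True,
    "mappings": {"userId": "id", "userName": "userPrincipalName",
                 "email": "mail", "phone": "mobilePhone"},
}}

def plan_update(current, changes):
    """Apply {"dotted.path": value} changes to a copy of the fetched config.

    Returns (body, diff). An unknown path raises KeyError, so a typo cannot add
    a new key or leave a mapping silently unchanged.
    """
    body, diff = copy.deepcopy(current), []
    for path, new in changes.items():
        *parents, leaf = path.split(".")
        node = body
        for key in parents:
            node = node[key]
        if leaf not in node:
            raise KeyError(path)
        if node[leaf] != new:
            diff.append((path, node[leaf], new))
            node[leaf] = new
    return body, diff

def build_put(host, path, token, body):
    """Build, without sending, the PUT that carries the complete JSON body."""
    return urllib.request.Request(
        f"https://{host}{path}", data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"Bearer {token}"})

if __name__ == "__main__":
    body, diff = plan_update(CURRENT, {"server.mappings.phone": "businessPhones"})
    for path, old, new in diff:
        print(f"{path}: {old!r} -> {new!r}")  # review before sending
    req = build_put("YOUR_JAMF_PRO_URL", "/api/v1/cloud-azure/1",
                    "YOUR_BEARER_TOKEN", body)
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would send it; left out so this runs offline.
```

Keeping the unmodified GET response on disk alongside the printed diff gives a known-good configuration to restore if the change breaks lookups.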