Configuring a JSON Web Token

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0
  1. In Jamf Pro, click Settings in the sidebar.
  2. In the Global section, click PKI certificates .
  3. Click the JSON Web Token Configuration tab.
  4. Click New.
  5. Enter a display name for the token.
  6. Select one of the following encryption key options:
    1. Choose Paste or Type Encryption Key, then enter the RSA private encryption key in the Paste the Encryption Key Below field.
    2. Choose Upload Encryption Key File, then click Choose File to upload a .pem file containing the RSA private encryption key.
      Note:

      The OpenSSL binary can be used to generate the RSA private key. To generate an RSA private key using OpenSSL from the service hosting packages or apps, open Terminal and execute the command:

      openssl genrsa -out key.pem 2048

  7. From the Token Expiry pop-up menu, select a time period during which in-house apps and books can be downloaded. After the specified time period, in-house apps and books can no longer be downloaded.
  8. Click Save .

When Jamf Pro sends the device a command to install an in-house app or ebook, a new JWT is generated and added to the download URL as a "token" query parameter. For example, the download URL https://example.com/download/example_app.ipa would look similar to the following with the JWT added:

https://example.com/download/example_app.ipa?token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJBcHBNYW5pZmVzdCIsImlzcyI6IkpTUyIsImV4cCI6MTUwMzMyNDMxNH0.SeoxBY0EaCf4KV3UOyDMmu.