Jamf Pro User Accounts and Groups

Jamf Pro is a multi-user application. Jamf Pro user accounts and groups allow you to grant different privileges and levels of access to each user.

When configuring a Jamf Pro user account or group, you can grant access to the full Jamf Pro or to a specific site. You can grant privileges by choosing one of the following privilege sets:

• Administrator —

  Grants all privileges

• Auditor —

  Grants all read privileges

• Enrollment Only —

  Grants all privileges required to enroll computers and mobile devices

  Note:

  This includes privileges to do the following:

  • Log in to the Jamf Pro interface

  • Read, create, and delete enrollment invitations

  • Read and delete computer and mobile device records via the Jamf Pro API

• Custom —

  Requires you to grant privileges manually. For a Custom user account or group to have access to a particular function, privileges may need to be granted for multiple objects. For example, to create a mobile device configuration profile, the user needs privileges for both “Mobile Devices” and “Mobile Device Configuration Profiles”.

If there are multiple users that should have the same access level and privileges, you can create a group with the desired access level and privileges and add accounts to it. Members of a group inherit the access level and privileges from the group. Adding an account to multiple groups allows you to grant a user access to multiple sites.

There are two ways to create Jamf Pro user accounts and groups: you can create standard accounts or groups, or you can add them from a Directory Service.

The Jamf Pro User Accounts and Groups settings also allow you to do the following:

• Configure account preferences for each Jamf Pro user account.

• Configure the password settings in the Password Policy for all standard Jamf Pro user accounts.

• Unlock a Jamf Pro user account that is locked.