Users
Fetches user records from Jamf Pro via the Jamf Pro API (/api/v1/users), including contact details, LDAP server associations, sites, and extension attributes.
Sync Type: Full Synchronization
Prerequisites
Before connecting Monad to Jamf Pro, you need:
- An active Jamf Pro instance (cloud-hosted at
*.jamfcloud.comor self-hosted). - The Base URL of your Jamf Pro tenant (e.g.
https://acme.jamfcloud.com). - An OAuth2 API client (Client ID and Client Secret) with read access to user records. See the Authentication section below for steps to create one.
Creating an API Client in Jamf Pro
- Log in to your Jamf Pro instance.
- Navigate to Settings > System > API Roles and Clients.
- First, create an API Role:
- Click New under the API Roles tab.
- Give the role a descriptive name (e.g.,
monad-users-read). - Grant the Read Users privilege.
- Save the role.
- Next, create an API Client:
- Click New under the API Clients tab.
- Give the client a descriptive name (e.g.,
monad-users). - Assign the API Role you just created.
- Set an appropriate token lifetime.
- Click Enable API Client, then save.
- After saving, click Generate Client Secret.
- Copy the Client ID and Client Secret — the secret is shown only once, so store it securely.
Configuration
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Base URL | string | Yes | The base URL for your Jamf Pro tenant (e.g. https://acme.jamfcloud.com). |
| Cron Schedule | string | Yes | Cron expression that controls how often the connector runs a full user sync. Example: 0 0 * * * for daily at midnight. Defaults to 0 * * * * (hourly). |
| Use Synthetic Data | boolean | No | Generate synthetic data for testing instead of connecting to the real Jamf Pro API. Defaults to false. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| Client ID | secret | Yes | OAuth2 client_id created under Settings → API Roles and Clients in Jamf Pro. |
| Client Secret | secret | Yes | OAuth2 client_secret paired with the Client ID. |
Setup Walk-through
-
Create an API client — follow the Authentication section above to create an API Role with Read Users access, generate an API Client, and copy the Client ID and Client Secret.
-
Note your Base URL — this is the hostname of your Jamf Pro instance (e.g.
https://acme.jamfcloud.com). -
Create the input in Monad:
- Open your Monad workspace and navigate to Inputs.
- Click Add Input and select Jamf — Users.
-
Fill in the configuration:
- Enter the Base URL of your Jamf Pro tenant.
- Paste the Client ID and Client Secret from your API client.
- Set the Cron Schedule to control how often a full user sync runs (for example,
0 0 * * *for once daily).
-
Save and test — click Test Connection. Monad will authenticate with Jamf Pro and verify the credentials are valid.
-
Activate — once the connection test passes, enable the input. Monad will fetch the full list of users and retrieve detailed records for each user on every scheduled run.
Troubleshooting
Common Issues
-
Authentication Errors (401 / 403)
- Confirm the Client ID and Client Secret are correct and have not been revoked.
- Verify the API client is enabled in Jamf Pro under Settings > API Roles and Clients.
- Ensure no extra whitespace was included when copying the credentials.
- Check that the API Role assigned to the client includes the Read Users privilege.
- Regenerate the client secret in Jamf Pro if you suspect it has been compromised.
-
Invalid or Unreachable Base URL
- Confirm the Base URL uses
https://and matches your Jamf Pro tenant hostname exactly (e.g.https://acme.jamfcloud.com). - Verify the Jamf Pro instance is reachable from the network where Monad is running.
- Confirm the Base URL uses
-
Empty Results
- Confirm that user records exist in your Jamf Pro instance.
- Verify the API Role includes Read Users and not just computer or device permissions.
- Check the pipeline logs for any API errors returned from Jamf Pro.
-
Invalid Cron Expression
- Ensure the cron expression uses standard 5-field syntax. Refer to Cron Expression Syntax for guidance.