# Users Fetches user records from Jamf Pro via the Jamf Pro API (`/api/v1/users`), including contact details, LDAP server associations, sites, and extension attributes. **Sync Type: Full Synchronization** ## Prerequisites Before connecting Monad to Jamf Pro, you need: 1. An active Jamf Pro instance (cloud-hosted at `*.jamfcloud.com` or self-hosted). 2. The **Base URL** of your Jamf Pro tenant (e.g. `https://acme.jamfcloud.com`). 3. An **OAuth2 API client** (Client ID and Client Secret) with read access to user records. See the Authentication section below for steps to create one. ### Creating an API Client in Jamf Pro 1. Log in to your Jamf Pro instance. 2. Navigate to **Settings** > **System** > **API Roles and Clients**. 3. First, create an **API Role**: - Click **New** under the API Roles tab. - Give the role a descriptive name (e.g., `monad-users-read`). - Grant the **Read Users** privilege. - Save the role. 4. Next, create an **API Client**: - Click **New** under the API Clients tab. - Give the client a descriptive name (e.g., `monad-users`). - Assign the API Role you just created. - Set an appropriate token lifetime. - Click **Enable API Client**, then save. 5. After saving, click **Generate Client Secret**. 6. Copy the **Client ID** and **Client Secret** — the secret is shown only once, so store it securely. ## Configuration ### Settings | Setting | Type | Required | Description | | ------- | ---- | -------- | ----------- | | Base URL | string | Yes | The base URL for your Jamf Pro tenant (e.g. `https://acme.jamfcloud.com`). | | Cron Schedule | string | Yes | Cron expression that controls how often the connector runs a full user sync. Example: `0 0 * * *` for daily at midnight. Defaults to `0 * * * *` (hourly). | | Use Synthetic Data | boolean | No | Generate synthetic data for testing instead of connecting to the real Jamf Pro API. Defaults to `false`. | ### Secrets | Secret | Type | Required | Description | | ------ | ---- | -------- | ----------- | | Client ID | secret | Yes | OAuth2 client_id created under Settings → API Roles and Clients in Jamf Pro. | | Client Secret | secret | Yes | OAuth2 client_secret paired with the Client ID. | ## Setup Walk-through 1. **Create an API client** — follow the Authentication section above to create an API Role with **Read Users** access, generate an API Client, and copy the Client ID and Client Secret. 2. **Note your Base URL** — this is the hostname of your Jamf Pro instance (e.g. `https://acme.jamfcloud.com`). 3. **Create the input in Monad**: - Open your Monad workspace and navigate to **Inputs**. - Click **Add Input** and select **Jamf — Users**. 4. **Fill in the configuration**: - Enter the **Base URL** of your Jamf Pro tenant. - Paste the **Client ID** and **Client Secret** from your API client. - Set the **Cron Schedule** to control how often a full user sync runs (for example, `0 0 * * *` for once daily). 5. **Save and test** — click **Test Connection**. Monad will authenticate with Jamf Pro and verify the credentials are valid. 6. **Activate** — once the connection test passes, enable the input. Monad will fetch the full list of users and retrieve detailed records for each user on every scheduled run. ## Troubleshooting ### Common Issues 1. **Authentication Errors (401 / 403)** - Confirm the Client ID and Client Secret are correct and have not been revoked. - Verify the API client is enabled in Jamf Pro under **Settings** > **API Roles and Clients**. - Ensure no extra whitespace was included when copying the credentials. - Check that the API Role assigned to the client includes the **Read Users** privilege. - Regenerate the client secret in Jamf Pro if you suspect it has been compromised. 2. **Invalid or Unreachable Base URL** - Confirm the Base URL uses `https://` and matches your Jamf Pro tenant hostname exactly (e.g. `https://acme.jamfcloud.com`). - Verify the Jamf Pro instance is reachable from the network where Monad is running. 3. **Empty Results** - Confirm that user records exist in your Jamf Pro instance. - Verify the API Role includes **Read Users** and not just computer or device permissions. - Check the pipeline logs for any API errors returned from Jamf Pro. 4. **Invalid Cron Expression** - Ensure the cron expression uses standard 5-field syntax. Refer to [Cron Expression Syntax](https://crontab.guru/) for guidance. ## Related Articles - [Jamf Pro API Documentation](https://developer.jamf.com/jamf-pro/docs) - [Jamf Pro API Reference](https://developer.jamf.com/jamf-pro/reference/jamf-pro-api) - [Jamf Pro API Roles and Clients](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/API_Roles_and_Clients.html)