Integration with Jamf Pro

Note - Harmony Mobile does not support integration with Jamf Now.

Preparing the UEM Platform for Integration

Introduction

Harmony Mobile service integrates with Jamf Pro through the existing API. To enable the integration, you must first create a Jamf Pro API account. Harmony Mobile uses API for the device records synchronization, device apps list retrieve, and for reporting device risk level to Jamf Pro. Jamf Pro deploys Harmony Mobile Protect App on a device to streamline the device enrollment.

General Workflow

  1. Create a Jamf Pro account. See Creating an API Account.

  2. Configure the account privileges. See Configuring Privileges for API Account.

  3. Configure Jamf Pro to Deploy the Harmony Mobile Protect App. See Configuring Jamf to Deploy the Harmony Mobile Protect App.

 

Creating an API Account

You must create a dedicated API account user in your Jamf Pro.

To create an API account:

  1. Log in to Jamf Pro.

  2. Go to Settings > System Settings > Jamf Pro User Accounts & Groups.

  3. Click New.

  4. Go to Choose an Action > Create Standard Account.


  5. Click Next.

    The New Account window appears.

  6. Enter all relevant information in the required fields.

        


Configuring Privileges for API Account

Note - To configure a POC or demo, set Privilege Set to Admin.

 

For a production and testing environment, we highly recommend that you use an API account with limited permissions, as described below.

To configure privileges for an API account:

 

  1. Go to the Account > Privileges section.

  2. Verify that Access Status is set to Enabled.

  3. Configure the API account:

    1. Configure Basic Privileges.

    2. In the Jamf Pro Server Objects section, check the Read option for all the settings.

    3. Configure Mitigation Privileges.

      In the Jamf Pro Server Objects section, create a custom set of Mitigation Privileges for Mobile Device Extension Attributes and for Mobile Devices.


   

  1. Click OK.

 

Configuring Jamf to Deploy the Harmony Mobile Protect App

This configuration simplifies the Harmony Mobile Protect App deployment and activation on managed devices.

Note - If you configured Jamf Pro for Whitelisting Apps, you must add the Harmony Mobile Protect App to the allowed list.

 

To configure Jamf Pro to deploy the Harmony Mobile Protect App:

  1. Add the Harmony Mobile Protect App to your App Catalog. See Adding the Harmony Mobile Protect App to App Catalog.

  2. Connect the app to your devices. See Adding Configuration to Harmony Mobile Application.

  3. Configure the distribution method for the app. See Configuring Distribution Method.

  4. Assign the app to the selected groups of users or devices. See Assigning Harmony Mobile Application to Groups of Users or Devices.

 

Adding the Harmony Mobile Protect App to App Catalog

Note - As you create the Harmony Mobile Protect App for your catalog, change the name from New Mobile Device App to Harmony Mobile Protect App.

To add the Harmony Mobile Protect App to your App Catalog:

 

  1. Go to Devices > Mobile Device Apps > New.


  2. Select the type of the App:

    1. In Choose an App Type section, verify that App Store app or apps purchased in volume is selected.

    2. Click Next.

  3. Search for the Harmony Mobile in the App store:

    1. In the Search or Upload text field, enter Harmony Mobile Protect App.

    2. Select the app store in the relevant country.

    3. Click Next.

  4. In the Add an App > iPhone & iPod touch Apps > Harmony Mobile Protect App row, click Add.

    Note - To set the App parameters, see Setting Parameters for the Harmony Mobile Protect App in your App Catalog.

  5. Click Save.

   

Setting Parameters for the Harmony Mobile Protect App in your App Catalog

Adding Configuration to Harmony Mobile Application

  1. In the Devices window, go to Mobile Device Apps.

  2. Go to the App Configuration section and in the Preferences field, add this text:

    <dict>
<key>Lacoon Server Address</key>
<string>gw</string>
<key>Device Serial Number</key>
<string>$SERIALNUMBER</string>
<key>token</key>
<string>hash_tenant_id</string>
</dict>

    hash_tenant_id is the SHA-256 value of the Dashboard Management ID. You must use the token configured in the Deployment section. For more information, see Configuring Jamf Pro Integration Settings.

  3. Click Done.

Configuring Distribution Method

  1. In the Devices window, go to the Harmony Mobile Protect App > General section.

  2. Go to the Distribution Method section and select Install Automatically/Prompt Users to Install.

  3. Select these checkboxes:

    • Schedule Jamf Pro to automatically check iTunes for app updates

    • Automatically Force App Updates

    • Make app managed if currently installed as unmanaged

Assigning Harmony Mobile Application to Groups of Users or Devices

  1. In the Devices window, go to the Harmony Mobile Protect App > Scope section.

  2. For Selected Deployment Targets, click Add.

  3. Select the specific mobile device and /or specific user groups to deploy.

  4. Click Done.