Edit wiki page "Jamf Pro Deployment" to include link to the Jamf Pro API Credentials page.

bradtchapman commented 1 year ago

Please consider amending this section of the Jamf Pro Deployment page as follows, to help contextualize the suggestion about limiting the API account's privileges.

Configuration Profile payload for API service account

A valid Jamf Pro API credential is required for super to push software updates via MDM commands. This is required for Apple Silicon Macs. The super script will automatically handle the generation and invalidation of the bearer token with Jamf.

By default, the API account should be given "Computers: Read" permissions. For added security, if you want to restrict that account from reading computer records at all, you must deploy a Configuration Profile that contains the computer's Jamf Pro device ID ($JSSID) as a managed preference. This will save super from having to separately poll Jamf to obtain the computer ID.

Macjutsu commented 1 year ago

I'll change this in the v3.0 timeframe.

Macjutsu commented 1 year ago

New Wiki for v3.0... a lot was rewritten... https://github.com/Macjutsu/super/wiki/Jamf-Pro-Deployment

Macjutsu / super

Edit wiki page "Jamf Pro Deployment" to include link to the Jamf Pro API Credentials page. #63