Jamf Pro User Accounts and Groups
Jamf Pro is a multi-user application. Jamf Pro user accounts and groups allow you to grant different
privileges and levels of access to each user.
When configuring a Jamf Pro user account or group, you can grant access to the full Jamf Pro or to a
specific site. You can grant privileges by choosing one of the following privilege sets:
Administrator—Grants all privileges.
Auditor—Grants all read privileges.
Enrollment Only—Grants all privileges required to enroll computers and mobile devices.
Note: This includes privileges to do the following:
Log in to the Jamf Pro interface
Read, create, and delete enrollment invitations
Read and delete computer and mobile device records via the Jamf Pro API
Custom—Requires you to grant privileges manually. For a Custom user account or group to have
access to a particular function, privileges may need to be granted for multiple objects. For example,
to create a mobile device configuration profile, the user needs privileges for both “Mobile Devices”
and “Mobile Device Configuration Profiles”.
If there are multiple users that should have the same access level and privileges, you can create a
group with the desired access level and privileges and add accounts to it. Members of a group inherit
the access level and privileges from the group. Adding an account to multiple groups allows you to
grant a user access to multiple sites.
There are two ways to create Jamf Pro user accounts and groups: you can create standard accounts
or groups, or you can add them from an LDAP directory service.
Important: It is recommended that you have at least one account that is not from an LDAP
directory service in case the connection between the Jamf Pro server and the LDAP server is
interrupted.
The Jamf Pro User Accounts and Groups settings also allow you to do the following:
Configure account preferences for each Jamf Pro user account.
Configure the password settings in the Password Policy for all standard Jamf Pro user accounts.
Unlock a Jamf Pro user account that is locked.
General Requirements
To add accounts or groups from an LDAP directory service, you need an LDAP server set up in Jamf
Pro. For more information, see “Integrating with LDAP Servers” in the . Jamf Pro Administrator’s Guide