Skip to main content

Compliance - Provide temporary Device Admin to Mac users (JAMF) - Workflow Template

Receive a request over Slack for temporary assignment of admin permissions. Get approval from Security channel, update policy on Jamf.

Updated this week

This workflow template streamlines the process of granting temporary admin rights to Mac users, ensuring compliance and security. Initiated via Slack, it verifies user identity, gathers justification for admin access, and checks device assignment. Approval is sought from the IT Security channel, and if granted, admin rights are provisioned through JAMF for a limited time before automatic revocation. This ensures controlled access while maintaining operational efficiency.

Take Me to the Template

Trigger

Slack

Optional Triggers

["Microsoft Teams","Web Hook"]

Use Cases

Device \u0026 User Compliance

Workflow Breakdown

  1. Verify Email address found in Slack

  2. Ask for a reason for the admin rights request

  3. Find computers that are assigned to the user by email address

  4. Ask for approval in the Slack Security Channel

  5. If approved, provide permissions in JAMF, wait and revoke permissions

  6. If denied, notify user via Slack

Vendors

Slack, Utils, HTTP, Jamf

Workflow Output

Success/Failure

Tips

  • User asks bot "request-mac-admin" in Slack to start workflow

  • Use extended attributes in Jamf with policies to enable admin rights

  • Jamf policies setup to run when attributes are found with Smart Computer Groups

Related Articles
Just in Time AWS Access with Slack Approval Flow (Britive) - Workflow Template
Just-In-Time Access to Group Membership in Active Directory - Workflow Template
Handle Wiz Alert for AWS Admin Principals Inactive Over 90 Days - Workflow Template
Just-in-time (JIT) access to Okta Groups via Slack - Workflow Template
Just-in-time access to Group Membership in Entra ID (ex-Azure AD) - Workflow Template
Did this answer your question?