Skip to main content

Workflow Template: Compliance - Provide temporary Device Admin to Mac users (JAMF)

Receive a request over Slack for temporary assignment of admin permissions. Get approval from Security channel, update policy on Jamf.

Updated over a week ago

The "Compliance - Provide Temporary Device Admin to Mac Users (JAMF)" workflow template streamlines the process of granting temporary admin rights to Mac users. Initiated via Slack, it verifies user identity, gathers justification for the request, and identifies associated devices. The workflow seeks approval from the IT Security channel, and if granted, temporarily assigns admin rights through JAMF, automatically revoking them after a set period. This ensures compliance and security while facilitating necessary administrative tasks.

Take Me to the Template

Trigger

Slack

Optional Triggers

["Microsoft Teams","Webhook"]

Use Cases

Device \u0026 User Compliance

Workflow Breakdown

  1. Verify Email address found in Slack

  2. Ask for a reason for the admin rights request

  3. Find computers that are assigned to the user by email address

  4. Ask for approval in the Slack Security Channel

  5. If approved, provide permissions in JAMF, wait and revoke permissions

  6. If denied, notify user via Slack

Vendors

Slack, Utils, HTTP, Jamf

Workflow Output

Success/Failure

Tips

  • User asks bot "request-mac-admin" in Slack to start workflow

  • Use extended attributes in Jamf with policies to enable admin rights

  • Jamf policies setup to run when attributes are found with Smart Computer Groups

Related Articles
Workflow Template: Request Elevation of Local Admin Privileges in JumpCloud
Workflow Template: Just-In-Time Access to Group Membership in Active Directory
Workflow Template: Just-in-Time (JIT) access to Okta SSO Applications by Slack
Workflow Template: Just-in-time (JIT) access to Okta Groups via Slack
Workflow Template: Just-in-time access to Group Membership in Entra ID (ex-Azure AD)
Did this answer your question?