During my time at Equifax, we had an issue with technician permissions. we wanted users to be able to do some specific tasks in jamf but for them to not have access to the actual Jamf Pro console.
To solve this issue I created a PHP Site that could complete only the functions we wanted these technicians to be able to complete.
In the example screen shots below the following takes place:
1. The Technician signs in with their Admin credentials (some info censored for company security). This will then verify the credentials are correct before taking them to the next page and present a password error if it fails.
2. They are given a field to enter the computer name.
3. They can then choose to click on what action they would like to enact on this computer.
4. After clicking the action they want an API command will reach out to Jamf Pro find the proper machine and add it to the necessary group for the action to take place.
5. The Technician will then be automatically logged out of this application and the php session will be terminated requiring them to login again each time it is needed.
-
Step 1. Log in with valid Admin Credentials -
Step 2. Enter computer name and choose action -
Step 3. Action is enacted and PHP session terminated