@talkingmoose
Last active February 12, 2025 23:02
Jamf Pro account management scripts using the Jamf Pro API.
#!/bin/zsh
# set -x
:<<ABOUT_THIS_SCRIPT
-----------------------------------------------------------------------
Written by: William Smith
Partner Program Manager
Jamf
[email protected]
https://gist.github.com/talkingmoose/dd6ffd8a27345b133a02a5b455004e4f
Originally posted: February 12, 2025
Purpose: Create a new Jamf Pro user account.
Instructions:
1. In Jamf Pro click Settings > System > API roles and clients.
2. Under API Roles create a new API role such as "Account Management".
   Set Privileges to include:
       Create Accounts
       Read Accounts
   Under API Clients create a new API client such as "Account Manager".
   Set API roles to:
       Account Management
   Enable the API client and copy the client ID and client secret.
3. Update the jamfProURL, clientID, and clientSecret variables below.
4. Update the newAccountJSON with information for the new user account.
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by/4.0/
"Some people feel the rain, others just get wet."
-----------------------------------------------------------------------
ABOUT_THIS_SCRIPT
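# Replace these with your own values (step 3 above). Keep a real client
# secret out of any shared or version-controlled copy of this script.
jamfProURL="https://talkingmoose.jamfcloud.com"
clientID="f46f154a-456e-4345-8d2c-f3bb6bb3e184"
clientSecret="X4x8cIUuRoSb-9p3lcu7lHv1yGtbumkFieHP8ZX1s6AVT3ZmfvziUZIVRKG_m9yz"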
newAccountJSON='{
    "plainPassword": "!!password!!",
    "username": "agriswold",
    "realname": "Audrey Griswold",
    "email": "[email protected]",
    "phone": "",
    "ldapServerId": -1,
    "distinguishedName": "",
    "siteId": -1,
    "accessLevel": "FullAccess",
    "privilegeLevel": "ADMINISTRATOR",
    "changePasswordOnNextLogin": true,
    "accountStatus": "Enabled"
}'
# print a description of the three-digit HTTP status code that
# curl's --write-out "%{http_code}" appended to the response
function checkResponseCode() {
    httpErrorCodes="000 No HTTP code received
200 Request successful
201 Request to create or update object successful
204 Request successful, no content returned
400 Bad request
401 Authentication failed
403 Invalid permissions
404 Object/resource not found
409 Conflict
500 Internal server error"
    responseCode=${1: -3}
    code=$( /usr/bin/grep "$responseCode" <<< "$httpErrorCodes" )
    echo "$code"
}
echo "Requesting oauth token."
# request oauth token
oAuthTokenResponse=$( /usr/bin/curl \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "client_id=$clientID" \
    --data-urlencode "client_secret=$clientSecret" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --request POST \
    --silent \
    --url "$jamfProURL/api/oauth/token" \
    --write-out "%{http_code}" )
checkResponseCode "$oAuthTokenResponse"
# extract token data from response
oAuthToken=${oAuthTokenResponse%???}
# parse token from response
token=$( /usr/bin/plutil -extract access_token raw - <<< "$oAuthToken" )
echo "Creating account."
# create new Jamf Pro user account
createAccount=$( /usr/bin/curl \
    --data "$newAccountJSON" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $token" \
    --request POST \
    --silent \
    --url "$jamfProURL/api/v1/accounts" \
    --write-out "%{http_code}" )
checkResponseCode "$createAccount"
# extract data from request
echo "${createAccount%???}"
echo "Destroying oauth token."
# expire auth token
expireToken=$( /usr/bin/curl \
    --header "Authorization: Bearer $token" \
    --request POST \
    --silent \
    --url "$jamfProURL/api/v1/auth/invalidate-token" \
    --write-out "%{http_code}" )
# check the response of the invalidation request itself
checkResponseCode "$expireToken"
exit 0
#!/bin/zsh
# set -x
:<<ABOUT_THIS_SCRIPT
-----------------------------------------------------------------------
Written by: William Smith
Partner Program Manager
Jamf
[email protected]
https://gist.github.com/talkingmoose/dd6ffd8a27345b133a02a5b455004e4f
Originally posted: February 12, 2025
Purpose: Read an existing Jamf Pro user account.
Instructions:
1. In Jamf Pro click Settings > System > API roles and clients.
2. Under API Roles create a new API role such as "Account Management".
   Set Privileges to include:
       Create Accounts
       Read Accounts
   Under API Clients create a new API client such as "Account Manager".
   Set API roles to:
       Account Management
   Enable the API client and copy the client ID and client secret.
3. Update the jamfProURL, clientID, and clientSecret variables below.
4. Update the accountID with the Jamf Pro ID of the user account.
-----------------------------------------------------------------------
ABOUT_THIS_SCRIPT
jamfProURL="https://talkingmoose.jamfcloud.com"
clientID="f46f154a-456e-4345-8d2c-f3bb6bbee187"
clientSecret="X4x8cIUuRoSb-9p3lcu7lHv1yqtbumkFieHP8ZX1s6AVT3ZmfvziUZIVRKG__m9y"
accountID="12"
# print a description of the three-digit HTTP status code that
# curl's --write-out "%{http_code}" appended to the response
function checkResponseCode() {
    httpErrorCodes="000 No HTTP code received
200 Request successful
201 Request to create or update object successful
204 Request successful, no content returned
400 Bad request
401 Authentication failed
403 Invalid permissions
404 Object/resource not found
409 Conflict
500 Internal server error"
    responseCode=${1: -3}
    code=$( /usr/bin/grep "$responseCode" <<< "$httpErrorCodes" )
    echo "$code"
}
echo "Requesting oauth token."
# request oauth token
oAuthTokenResponse=$( /usr/bin/curl \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "client_id=$clientID" \
    --data-urlencode "client_secret=$clientSecret" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --request POST \
    --silent \
    --url "$jamfProURL/api/oauth/token" \
    --write-out "%{http_code}" )
checkResponseCode "$oAuthTokenResponse"
# extract token data from response
oAuthToken=${oAuthTokenResponse%???}
# parse token from response
token=$( /usr/bin/plutil -extract access_token raw - <<< "$oAuthToken" )
echo "Reading account."
# read existing Jamf Pro user account
readAccount=$( /usr/bin/curl \
    --header "Accept: application/json" \
    --header "Authorization: Bearer $token" \
    --request GET \
    --silent \
    --url "$jamfProURL/api/v1/accounts/$accountID" \
    --write-out "%{http_code}" )
checkResponseCode "$readAccount"
# extract data from request
echo "${readAccount%???}"
echo "Destroying oauth token."
# expire auth token
expireToken=$( /usr/bin/curl \
    --header "Authorization: Bearer $token" \
    --request POST \
    --silent \
    --url "$jamfProURL/api/v1/auth/invalidate-token" \
    --write-out "%{http_code}" )
# check the response of the invalidation request itself
checkResponseCode "$expireToken"
exit 0
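
Both scripts above pass the client secret to curl as a command-line argument, where it is visible in the local process list, and both carry on after a failed request. The following is an added example, not part of the original gist: it builds the token request as a curl config read from stdin and stops on any non-2xx status. The function names and the JAMF_URL, JAMF_CLIENT_ID and JAMF_CLIENT_SECRET environment variables are assumptions, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names and the JAMF_*
# environment variables are hypothetical.

# Escape a value for a double-quoted curl config string.
cfg_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit the token request as a curl config. Piped into "curl --config -", the
# client secret travels on stdin instead of appearing in curl's arguments.
token_request_config() (
    : "${JAMF_URL:?}" "${JAMF_CLIENT_ID:?}" "${JAMF_CLIENT_SECRET:?}"
    printf 'url = "%s/api/oauth/token"\n' "$(cfg_escape "$JAMF_URL")"
    printf 'silent\n'
    printf 'write-out = "%%{http_code}"\n'
    printf 'data-urlencode = "grant_type=client_credentials"\n'
    printf 'data-urlencode = "client_id=%s"\n' "$(cfg_escape "$JAMF_CLIENT_ID")"
    printf 'data-urlencode = "client_secret=%s"\n' "$(cfg_escape "$JAMF_CLIENT_SECRET")"
)

# Split "<body><3-digit status>" as produced by --write-out "%{http_code}".
# Prints the body only for a 2xx status; otherwise reports it and fails.
split_response() (
    raw=$1
    status=$(printf '%s' "$raw" | tail -c 3)
    case "$status" in
        2[0-9][0-9]) printf '%s' "${raw%???}" ;;
        *) printf 'request failed: HTTP %s\n' "${status:-000}" >&2; exit 1 ;;
    esac
)

# Live use (not executed here):
#   raw=$(token_request_config | /usr/bin/curl --config -) || exit 1
#   tokenJSON=$(split_response "$raw") || exit 1

# Constructed sample responses so the block runs offline.
SAMPLE_OK='{"access_token":"constructed-token","expires_in":60}200'
SAMPLE_DENIED='{"error":"invalid_client"}401'
split_response "$SAMPLE_OK"; echo
split_response "$SAMPLE_DENIED" || echo "stopping: no token was issued"
```

The bearer token can be kept out of the argument list the same way, by writing a `header = "Authorization: Bearer ..."` line into the config fed to `curl --config -`.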