Home > Jamf Pro > The Jamf Pro Push Proxy service, service token renewal and Jamf Nation credentials

The Jamf Pro Push Proxy service, service token renewal and Jamf Nation credentials

Jamf Pro has the ability to push notifications to devices with Self Service installed. This function is enabled using a Jamf-specific service known as the Jamf Push Proxy.

Screen Shot 2019 08 13 at 12 36 58 PM

Screen Shot 2019 08 13 at 12 37 15 PM

To enable this service to work with your Jamf Pro server, you need to set up a push proxy server token using the process shown below:

1. Log into your Jamf Pro server as an administrator.
2. Go to Settings > Global Management > Push Certificates.

Screen Shot 2019 08 13 at 12 08 21 PM

3. Click the New button.

Screen Shot 2019 08 13 at 12 07 46 PM

4. Select the Get proxy server token from Jamf Authorization Server option and click the Next button.

Screen Shot 2019 08 13 at 12 03 57 PM

5. Provide credentials for a Jamf Nation user account and click the Next button.

Screen Shot 2019 08 13 at 12 04 17 PM

6. If successful, you should be notified that the proxy server token has been uploaded to your Jamf Pro server. Click the Done button.

Screen Shot 2019 08 13 at 12 04 44 PM

7. The proxy server token should appear listed as Push Proxy Settings in the Push Certificates screen.

Screen Shot 2019 08 13 at 2 13 26 PM

Once the Push Proxy service has been enabled for your Jamf Pro server, you can use the notifications options in your Self Service policies to provide notifications in Self Service and Notification Center when desired.

Screen Shot 2019 08 13 at 12 37 37 PM

For more details, please see below the jump.

One thing to be aware of is that the push proxy server token has a very short life (one day) and needs to be renewed regularly. The credentials of the Jamf Nation account used to set up the push proxy server token are stored in the Jamf Pro database and used to renew the push proxy server token. This use of stored Jamf Nation credentials has two implications to be aware of:

  1. If the password for that Jamf Nation account is changed or the account is closed, then the Jamf Pro server which is using those credentials will be unable to successfully renew the push proxy server token. This means that the renewal will fail and the certificate stops being renewed.
  2. The Jamf Nation account’s credentials are stored in the database, which may be a security risk if those account credentials have access to other Jamf Nation resources.

To manage these risks, I would recommend setting up a separate Jamf Nation account and use it specifically for enrolling the Push Proxy service on your Jamf Pro server. One thing to be aware of is that the separate Jamf Nation account must have some assets associated with it, so I also recommend talking with Jamf Support as to the best way to manage this.

If you want to change the Jamf Nation account used with the Push Proxy service, you can fix this by deleting the current push proxy token and setting up a new one. You can do this using the process shown below:

1. Log into your Jamf Pro server as an administrator.
2. Go to Settings > Global Management > Push Certificates.

Screen Shot 2019 08 13 at 12 08 21 PM

3. Click the Push Proxy Settings token.

Screen Shot 2019 08 13 at 2 13 26 PM

4. Click the Delete button.

Screen Shot 2019 08 18 at 12 09 12 PM

5. When asked to confirm, click the Delete button.

Screen Shot 2019 08 18 at 12 09 59 PM

At this point, your existing push proxy token should be removed.

Screen Shot 2019 08 18 at 12 10 28 PM

To set up a new one using the new Jamf Nation account, use the procedure described earlier to set up the new push proxy token.

Categories: Jamf Pro
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: