
Providing Jamf Pro computer inventory information via macOS configuration profile

Jamf Pro can store and make available a lot of information about a particular computer and who is using it as part of the computer’s inventory record, but it can be challenging to access that information from the computer itself.


It is possible to use an API call to access this information, using either the Jamf Pro API or Jamf Pro’s Classic API, but that means providing a way to authenticate to the API. This may pose some security issues as you will need to both:

  • Provide a way for the computer to access those authentication credentials
  • Protect the authentication credentials from potentially malicious third parties

Fortunately, there is an alternative way to provide at least some inventory information without needing to make an API call. Jamf Pro provides a number of variables which can be used in macOS configuration profiles and it’s possible to leverage those variables to build a profile whose task is providing information from the computer’s inventory record in Jamf Pro in a way which can be accessed from the managed computer. For more details, please see below the jump.

The variables which are available to macOS configuration profiles as of Jamf Pro 10.44.0 are listed in the table shown below:

| Variable | Inventory Information |
|---|---|
| $MANAGEMENTID | Device management ID assigned by Jamf Pro |
| $UDID | Computer UDID |
| $SERIALNUMBER | Computer Serial Number |
| $USERNAME | Username associated with the computer in Jamf Pro (computer-level profiles only); username of the user logging in to the computer (user-level profiles only) |
| $EMAIL | Email Address |
| $PHONE | Phone Number |
| $POSITION | Position |
| $ROOM | Room |
| $JSSID | Jamf Pro ID |
| $PROFILEJSSID | Jamf Pro ID of the Configuration Profile |
| $EXTENSIONATTRIBUTE_# | Extension Attribute ID Number |

Note: The ID number is found in the extension attribute URL. In the example URL below, "id=2" indicates the extension attribute ID number:

I’ve used them to build a profile which will pull the information associated with the variables below:



When deployed, the profile will pull the relevant information from the computer record in Jamf Pro and store it as part of the profile.


This information in turn can be read from a plist file which should appear in the /Library/Managed Preferences directory on the managed Macs which the profile is being deployed to. In this case, the profile is managing the com.company.information domain, which means that a file named com.company.information.plist should appear in /Library/Managed Preferences.


This information can then be read out of the /Library/Managed Preferences/com.company.information.plist file by either the defaults command or an alternate tool which can parse a plist file for information.
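As an added example (not code from the original post), one way to consume the managed plist with Python's standard plistlib, assuming Python 3 is installed on the Mac. It refuses a file that is not root-owned or that is writable by group or other, and it treats blank values or unreplaced `$VARIABLE` literals as missing, which is a defensive assumption of this example rather than documented Jamf Pro behavior; `read_inventory`, `demo` and the sample values are constructed for illustration.

```python
import os
import plistlib
import re
import stat
import tempfile

# Path and preference domain used in the post.
MANAGED_PLIST = "/Library/Managed Preferences/com.company.information.plist"
# A value that is still a literal such as "$EMAIL" was never substituted.
PLACEHOLDER = re.compile(r"^\$[A-Z_]+\d*$")


def read_inventory(path=MANAGED_PLIST, expected_uid=0):
    """Return (values, missing_keys) after checking the file is owned by
    expected_uid (root by default) and not writable by group or other."""
    with open(path, "rb") as handle:
        info = os.fstat(handle.fileno())  # stat the opened file, not the path
        if not stat.S_ISREG(info.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if info.st_uid != expected_uid:
            raise PermissionError(f"{path}: unexpected owner uid {info.st_uid}")
        if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{path}: writable by group or other")
        data = plistlib.load(handle)  # handles XML and binary plists
    values, missing = {}, []
    for key, value in data.items():
        text = str(value).strip()
        if not text or PLACEHOLDER.match(text):
            missing.append(key)  # blank or unsubstituted: treat as absent
        else:
            values[key] = text
    return values, sorted(missing)


def demo():
    """Run against a constructed sample plist (not real inventory data)."""
    sample = {"Computer Serial Number": "C02EXAMPLE01",
              "Computer Jamf Pro ID Number": "42",
              "Computer User's Email Address": "$EMAIL",
              "Computer User's Phone Number": ""}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "com.company.information.plist")
        with open(path, "wb") as handle:
            plistlib.dump(sample, handle)
        os.chmod(path, 0o644)
        return read_inventory(path, expected_uid=os.getuid())


if __name__ == "__main__":
    print(read_inventory() if os.path.exists(MANAGED_PLIST) else demo())
```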


The example profile I’ve written is available below:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1">
<string>Company Name</string>
<string>Computer Information</string>
<string>Custom Settings</string>
<string>JAMF Software</string>
<key>Computer Jamf Pro ID Number</key>
<key>Computer Name</key>
<key>Computer Network Connection MAC Address</key>
<key>Computer Serial Number</key>
<key>Computer UDID</key>
<key>Computer User's Email Address</key>
<key>Computer User's Name</key>
<key>Computer User's Office Building ID</key>
<key>Computer User's Office Building Name</key>
<key>Computer User's Office Department</key>
<key>Computer User's Office Department ID</key>
<key>Computer User's Office Position</key>
<key>Computer User's Office Room Location</key>
<key>Computer User's Phone Number</key>
<key>Computer User's username</key>
<key>Site ID</key>

  1. gda
    February 25, 2023 at 9:47 pm

    A few months ago I looked for a way to get the JSS ID for API calls without more API calls. Using the same solution since then.

    Did you figure out how to update the values once pushed to the client?

    • February 27, 2023 at 12:36 am

      This might be solved by using the machine’s UUID, jamf_hostname + ‘/JSSResource/computers/udid/’ + local_uuid.

      I have a POC here: https://github.com/lazymutt/Jamf-Pro-API-Sampler

      • gda
        February 28, 2023 at 1:08 pm

        Nice scripts; added it to my reading list.
        Is it still possible to use the UUID for new Jamf Pro API? Thought it was only for the Classic API.

        My question was more like how to update the values that were pushed to the client, i.e. values for Room or Building.
        From my perspective you’ll have to remove the profile from the client, then push it again. Jamf Pro fills the placeholders with the current available values.

  2. Andreas Schenk
    February 27, 2023 at 7:30 am

    Good post.
    Another way to get to more client info locally without an API call is using “sudo jamf recon -saveFormTo”.
    In both ways I miss the info for Secure Boot Status. It seems to me that this info (at least on Apple Silicon) cannot be queried from the CLI in an easy way and Jamf Pro gets this inventory info from the MDM Commands it sends to the client after an inventory update succeeds. So Jamf Pro has it in the Server, but not in the reconForm or the payload variables.
    It seems the only way to get this info to the client without API calls is a smartgroup on the criteria, then run a script with a defaults write putting it into a local plist. The complementing Smartgroup would run a script to do a defaults write with the opposite value into that plist.
