Configuration guide: Lock macOS device

The configuration options on this page are only accessible to administrators.

Refer to the Usage guide: Lock macOS device to use library content as a standard user.

Prerequisites

This library pack contains content from the following expansion products

Flow - Workflows

Some of these products offer default access to their respective content and can still be used without expansion products.

To learn more about default thresholds for expansion products, visit the extended documentation.

Included content and dependencies

This library pack contains the following content and dependencies:

Type

Name

Description

Workflows

Lock macOS device

This workflow enables L1 agents to quickly and effectively lock lost or stolen macOS corporate devices managed through Jamf Pro.

Configuring Lock macOS device pack

Adapt these suggested configuration steps to edit and customize content according to your organizational needs.

Follow these steps to install and configure content:

Before configuration - Install library pack content from Nexthink Library
Step 1 - Configure workflow trigger and targeting
Step 2 - Configure Jamf Pro connector credential
Step 3 - Configure ITSM API connector credential
Step 4 - Configure global parameters
Step 5 - Configure Post device lock command thinklet

Step 1 - Configure workflow trigger and targeting

The workflow trigger and targeting must be configured before use: This workflow is designed to target devices and the recommended trigger is Manual.

Please refer to this section for suggestions on configuring the workflow trigger.

Step 2 - Configure Jamf Pro connector credential

The configuration of connector credentials is essential for enabling API calls. The configuration of connector credentials is essential for enabling API calls. See detailed information in the documentation. Each connector thinklet has a dropdown field for credentials that needs to be filled out:

When the workflow is installed or copied from the Library, this field will be blank as it is a local setup of each environment and is not included in the Library.

Step 3 - Configure ServiceNow integration

The configuration of connector credentials is essential for enabling API calls. See detailed information in the documentation. Each connector thinklet has a dropdown field for credentials that needs to be filled out:

When the workflow is installed or copied from the Library, this field will be blank as it is a local setup of each environment and is not included in the Library.

In addition to the connector credentials, the Create incident ticket thinklet must be customized before using the workflow:

The following three parameters must be customized for your organization:

ServiceNow assignment group - Assignment group to be populated for the incident.
Business service - Business service to be populated for the incident.
Caller - Caller to be populated for the incident.

Step 4 - Configure global parameters

There are two global parameters in this workflow:

Incident number - This parameter should be configured with the ServiceNow ticket number, which is the basis for locking the device. The workflow will update this ticket upon execution and close it upon successful device lock.
Lock PIN number - This parameter should be configured with a 6-digit PIN code that would be required to unlock the device.

Step 5 - Configure Post device lock command thinklet

Prior to using the workflow, the Post device lock command thinklet must be configured. The following two parameters must be customized for your organization:

Message - This parameter appears on the lock screen of a locked device.
Phone number - this phone number will appear on the lock screen of a locked device along with the lock message. Depending on your requirements, it can refer to an organization's IT service desk or security department.