Configuration guide: Lock macOS device
The configuration options on this page are only accessible to administrators.
Refer to the Usage guide: Lock macOS device to use library content as a standard user.
Prerequisites
This library pack contains content from the following expansion products
Included content and dependencies
This library pack contains the following content and dependencies:
Lock macOS device
This workflow enables L1 agents to quickly and effectively lock lost or stolen macOS corporate devices managed through Jamf Pro.
Configuring Lock macOS device pack
Follow these steps to install and configure content:
Before configuration - Install library pack content from Nexthink Library
Step 1 - Configure workflow trigger and targeting
The workflow trigger and targeting must be configured before use:
This workflow is designed to target devices and the recommended trigger is Manual.
Please refer to this section for suggestions on configuring the workflow trigger.
Step 2 - Configure Jamf Pro connector credential
The configuration of connector credentials is essential for enabling API calls. The configuration of connector credentials is essential for enabling API calls. See detailed information in the documentation. Each connector thinklet has a dropdown field for credentials that needs to be filled out:

When the workflow is installed or copied from the Library, this field will be blank as it is a local setup of each environment and is not included in the Library.

Step 3 - Configure ServiceNow integration
The configuration of connector credentials is essential for enabling API calls. See detailed information in the documentation. Each connector thinklet has a dropdown field for credentials that needs to be filled out:

When the workflow is installed or copied from the Library, this field will be blank as it is a local setup of each environment and is not included in the Library.

In addition to the connector credentials, the Create incident ticket thinklet must be customized before using the workflow:

The following three parameters must be customized for your organization:
ServiceNow assignment group - Assignment group to be populated for the incident.
Business service - Business service to be populated for the incident.
Caller - Caller to be populated for the incident.
Step 4 - Configure global parameters
There are two global parameters in this workflow:
Incident number - This parameter should be configured with the ServiceNow ticket number, which is the basis for locking the device. The workflow will update this ticket upon execution and close it upon successful device lock.
Lock PIN number - This parameter should be configured with a 6-digit PIN code that would be required to unlock the device.

Step 5 - Configure Post device lock command thinklet
Prior to using the workflow, the Post device lock command thinklet must be configured. The following two parameters must be customized for your organization:
Message - This parameter appears on the lock screen of a locked device.
Phone number - this phone number will appear on the lock screen of a locked device along with the lock message. Depending on your requirements, it can refer to an organization's IT service desk or security department.

RELATED TOPICS
Last updated
Was this helpful?