Use Kandji Connector Action Cards with Okta Workflows

By Emalee Firestein

Integrate Kandji's Apple device management solution with Okta Workflows


You can use the Kandji connector to integrate Kandji device management with Okta Workflows to help automate critical components of the user lifecycle that are prone to friction or manual error.


The first step is to Authorize your Kandji tenant for Okta Workflows.


After you set up a Kandji connection, you can use the following Kandji connector action cards in a Workflow.


ActionDescription
Clear PasscodeClear the iOS or iPadOS device passcode.
Create BlueprintCreate a Blueprint.
Create NoteCreate a note in Kandji for the device.
Erase DeviceSend Erase Device MDM command.
Get ADE IntegrationGiven an Automated Device Enrollment (ADE) integration token, return information about the integration.
Get Activation Lock Bypass CodesGet the Activation Lock Bypass Code for a Mac.
Get BlueprintGet a Blueprint by Blueprint ID or by name.
Get DeviceGiven a Device ID, get high-level details about the device.
Get FileVault Recovery KeyGet the FileVault Recovery Key for a Mac.
Get (Mac) Unlock PINGet the unlock PIN for a locked Mac.
List ADE IntegrationsReturn a list of configured Automated Device Enrollment (ADE) integrations.
List ADE DevicesGiven an Automated Device Enrollment (ADE) integration token, return a list of all devices associated with that token, as well as their enrollment status. When the mdm_device key value is null, this indicates that the device is awaiting enrollment into Kandji.
List BlueprintsList all Blueprints in the Kandji tenant.
List Device AppsGiven a Device ID, return a list of all apps installed on the device.
List Device Library ItemsGiven a Device ID, return a list of all the Library Items for the device and their statuses.
List Device NotesGiven a Device ID, return a list of all the notes in Kandji for the device.
List Devices>Return a list of all enrolled devices. Optional query parameters can be used to filter the results.
Lock DeviceSend Lock Device MDM command.
Manage Apple Remote DesktopUse MDM to turn Apple Remote Desktop for a Mac on or off.
Play Lost Mode SoundUse MDM to turn Apple Remote Desktop for a Mac on or off.
Reinstall Kandji AgentUse MDM to reinstall the Kandji Agent on a Mac.
Restart DeviceSend Restart MDM command.
Send MDM Blank PushSend Blank Push MDM command.
Set Device NameSend an MDM command to set the device name.
Shutdown DeviceSend Shutdown MDM command.
Turn Off Lost ModeTurn off Managed Lost Mode for an iOS or iPadOS device.
Turn On Lost ModeTurn on Managed Lost Mode for a Supervised iOS or iPadOS device.
Unlock (Local) User AccountSend Unlock Account MDM command.
Update DeviceGiven a device, update its assigned Blueprint, user, or asset tag.
Update InventorySend Update Inventory MDM command.
Update Lost Mode LocationSend the MDM command to an iOS or iPadOS device in Lost Mode to update the location data.

Kandji Connector Action Card Details

Custom API Action

Make an authenticated HTTP request to the Kandji API.


This action is unlike other Kandji cards; refer to Kandji's API documentation.


Options
FieldDefinitionTypeRequired
Request TypeThis is one of the supported HTTP request methods, or HTTP verbs, in a custom API call (see HTTP request methods).
  • GET: Retrieves data from a web service based on parameters. This method requests a representation of the specified resource. If a request is successful, a 200 (OK) response message is returned with the requested content.
  • POST: Sends data to a web service based on parameters (for example, uploading a file). Multiple POST requests may result in a different outcome than a single POST. Caution should be exercised to avoid sending multiple POST requests unintentionally. If a request is successful, a 200 (OK) response message is returned.
  • PUT: Sends data to be stored at a specific location on a web server based on parameters (for example, uploading a file). Unlike POST requests, PUT requests are idempotent. For successful requests, the result of a single PUT request is the same as many identical PUT requests. If a request is successful, a 200 (OK), 201 (Created), or 204 (No Content) response message is returned.
  • PATCH: Applies partial modifications to a resource on a web server based on parameters. PATCH is not idempotent. Multiple PATCH requests could have unintended consequences. If a PATCH is successful, a 200 (OK) or 204 (No Content) response message is returned.
  • DELETE: Deletes the specified resource (if it exists) from the web server based on parameters. If a DELETE is successful, a 200 (OK) response message is returned.
DropdownTRUE

Inputs


FieldDefinitionTypeRequired
Relative URLSpecify the relative URL to the Kandji API. The input value is the text that follows /v1 in the URL. For example, if the full API endpoint URL is https://accuhive.api.kandji.io/api/v1/devices, then the input value is /devices. This is consistent with the API documentation relative path examples. You can specify query parameters in the relative URL using ? or specify the query parameters as an object key pair in the Query input.StringTRUE
QuerySpecify any additional query parameters that should be included in object format (key-value pairs).Object

FALSE

HeadersSpecify any headers required in addition to authorization or content-type (these are already handled by this connector).Object

FALSE

BodySpecify a request body in JSON format.Object

FALSE

Outputs


FieldDefinitionType
Status CodeResult of the operation. The Kandji connector returns the HTTP status and indicates whether the action taken by the card succeeded or failed.Number
HeadersDetailed context for the status code unrelated to the output body. Response headers are dependent on your selected HTTP request option. Note that not all headers are response headers. This will usually be similar to {"Content-type":"application/json"}.Object
BodyData returned from the HTTP request. For example, the data from a GET request.Object

Clear Passcode

Clear the iOS or iPadOS device passcode. An MDM command will be triggered. This is compatible only with iOS and iPadOS device types; all others will return a status code of 400.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • 200 OK
  • 400 Bad Request
    • "Command already running" - The command may already be running in a Pending state waiting on the device.
    • "Command is not allowed for current device" - The command may not be compatible with the target device.
  • 401 Unauthorized
    • Invalid access token. The HTTP request was not processed. This can happen if the token was revoked, the required permissions are missing, or the token has expired.
  • 404 Not found
    • Unable to locate the resource in the Kandji tenant.

For a full list of possible status codes, see HTTP status codes.

Text

Create Blueprint

Create a Blueprint.

Inputs


FieldDescriptionTypeRequired
NameName of Blueprint. The name must be unique.StringTRUE
Enrollment Code Is ActiveIs the Blueprint enabled for manual device enrollment from the enrollment portal?BooleanTRUE
Enrollment CodeOptionally, set the enrollment code of the Blueprint. This key is not required and will function in the same way as the Kandji web app. If an enrollment code is not supplied in the payload body, it will be randomly generated. The enrollment code will be returned in the response and visible in the Kandji web app.StringFALSE
ColorSet the color of the Blueprint icon. A list of possible color codes and their related HEX codes can be found here.StringFALSE
DescriptionDescription of the Blueprint.StringFALSE
Icon

Set the Blueprint icon. A list of possible icon codes can be found here.

StringFALSE

Outputs


FieldDescriptionType
BlueprintJSON object for the new Blueprint.Object
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • 201 Created
  • 400 Bad Request
    • "This field must be unique.” - This means that the value has already been used. Make sure that the Blueprint name and enrollment code are unique. The enrollment code must be completely unique even if the associated Blueprint no longer exists in the Kandji tenant.
  • 401 Unauthorized
    • "Invalid access token." - This can happen if the token was revoked, the required permissions are missing, or the token has expired.
  • 404 Not found
    • Unable to locate the resource in the Kandji tenant.

Create Note

Create a note for a device.

Inputs


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the iOS or iPadOS device to send the MDM command toStringTRUE
NoteText contents of the noteStringTRUE

Outputs


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • 201 Created
  • 401 Unauthorized
    • Invalid access token. This can happen if the token was revoked, the required permissions are missing, or the token has expired.
  • 404 Not found
    • Unable to locate the resource in the Kandji tenant.

For a full list of possible status codes, see HTTP status codes.

Number
NoteJSON object for the noteObject

Erase Device

Erase a device. An MDM command will be triggered. For a macOS device, you must provide a PIN which is exactly 6 digits.

Inputs


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the iOS or iPadOS device to send the MDM command toStringTRUE
PINFor macOS computers only: Unlock PIN, which will be required to use the device after an eraseNumber, 6 digits

TRUE for macOS

PreserveDataPlanFor iOS and iPadOS only: Should the cellular data plan be preserved?Boolean

TRUE for iOS and iPadOS

DisallowProximitySetupFor iOS and iPadOS only: Should proximity setup be allowed during Setup Assistant?Boolean

TRUE for iOS and iPadOS

Outputs


FieldDescriptionType
PINUnlock PINString
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • 200 OK
  • 400 Bad Request
    • "Command already running" - The command may already be running in a Pending state waiting on the device.
    • "Command is not allowed for current device" - The command may not be compatible with the target device.
  • 401 Unauthorized
    • Invalid access token. This can happen if the token was revoked, the required permissions are missing, or the token has expired.
  • 404 Not found
    • Unable to locate the resource in the Kandji tenant.

For a full list of possible status codes, see HTTP status codes.

Number

Get ADE Integration

Given an Automated Device Enrollment (ADE) integration token, return information about the integration.

Input


FieldDescriptionTypeRequired
ADE Token IDID of Automated Device Enrollment TokenStringTRUE

Outputs


FieldDefinitionType
Default Blueprint IDBlueprint IDString
Default Blueprint NameBlueprint nameString
Default Blueprint ColorBlueprint colorString
Default Blueprint IconBlueprint iconString
Access Token ExpiryToken expirationDate
Server NameName of serverString
Server UUIDServer universally unique identifierString
Organization NameOrganization nameString
Organization EmailOrganization emailString
Organization PhoneOrganization phoneString
Stoken File NameStoken file nameString
Last Device SyncLast syncDate
Default EmailEmailString
Default PhonePhoneString
Days LeftAmount of days leftNumber
StatusStatusString
Status ReasonStatus reasonString
Status Received AtStatus received timeString
Apple TV Device CountNumber of Apple TV devices assignedNumber
iPad Device CountNumber of iPad devices assigned    Number
iPhone Device CountNumber of iPhone devices assignedNumber
Mac Device CountNumber of Mac devices assignedNumber
Total Device CountNumber of devices assignedBoolean

Get Activation Lock Bypass Codes

Retrieve the Activation Lock Bypass code for a Mac.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of a MacStringTRUE

Outputs


FieldDescriptionType
User-Based Activation Lock Bypass CodeUser-based Activation Lock bypass code for when Activation Lock is enabled using a personal Apple ID and Find MyString
Device-Based Activation Lock Bypass CodeDevice-based Activation Lock bypass code for when Activation Lock is enabled by the MDM serverString

Get Blueprint

Given a Blueprint ID, Blueprint name, or both, return the Blueprint.

Input


FieldDefinitionTypeRequired
Blueprint IDID of the BlueprintStringFALSE
Blueprint NameBlueprint nameStringFALSE

Outputs


FieldDefinitionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

String
IDBlueprint IDString
NameBlueprint nameString
IconBlueprint iconString
ColorBlueprint colorString
DescriptionBlueprint descriptionString
ParametersJSON list of parameters for the BlueprintList
CountNumber of devices assigned to the BlueprintNumber
MissingNumber of devices assigned to the Blueprint that are missingNumber
Enrollment CodeEnrollment code for manual enrollmentString
Enrollment Code Is ActiveWhether the enrollment code is activeBoolean
Alerts CountNumber of alerts for the BlueprintString

Get Device

Given a Device ID, return top-level or detailed information about the device.

Options


FieldDefinitionTypeRequired
Details

Choose the level of detail to return about the device.

  • Basic: Retrieves top-level details about the device
  • Full: Retries detailed information about the device
DropdownTRUE

Input


FieldDefinitionTypeRequired
Device IDKandji-specific device IDStringTRUE

Outputs for Basic details option


FieldDefinitionType
Device
Device IDKandji-specific device IDString
Device NameDevice nameString
ModelDevice modelString
Serial NumberDevice serial numberString
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)String
OS VersionVersion of the OSString
Last Check-inDate of last MDM check-inDate
Asset TagAsset tagString
Blueprint IDBlueprint ID the device is assigned toString
MDM EnabledWhether the device is enabled for MDMBoolean
Agent InstalledWhether the Kandji Agent is installedBoolean
Is MissingWhether the device is missing from KandjiBoolean
Is RemovedWhether the device was removed from KandjiBoolean
Agent VersionVersion of the Kandji AgentString
First EnrollmentWhen the device was first enrolled with KandjiDate
Last EnrollmentWhen the device was last enrolled with KandjiDate
Blueprint NameName of the Blueprint the device is assigned toString
User
EmailEmail address of the user associated with the deviceString
NameName of the user assigned to the deviceString
User IDKandji-specific user ID of the user assigned to the deviceNumber
Is Archived

Whether the device is archived

Boolean

Outputs for Full details option


FieldDefinitionType
General
Device IDKandji-specific device IDString
Device NameDevice nameString
Last EnrollmentDate of last enrollmentDate
First EnrollmentDate of first enrollmentDate
ModelDevice modelString
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)String
OS VersionVersion of the OSString
System VersionDetailed version of the OSString
Boot VolumeName of boot volumeString
Time Since BootTime since last bootDate
Last UserName of the last userString
Asset TagAsset tagString
Assigned UserUser assigned to the deviceString
Blueprint NameName of the Blueprint the device is assigned toString
Blueprint UUIDUnique ID of the Blueprint the device is assigned toString
MDM
MDM EnabledWhether the device is enabled for MDMBoolean
Install DateDate enrolled with MDMDate
Last Check-inDate of last MDM check-inDate
MDM-enabled UserUser enabled for MDMObject
Activation Lock
Bypass Code FailedWhether collecting the Activation Lock bypass code failedBoolean
User Activation Lock EnabledWhether user-level Activation Lock is enabledBoolean
Device Activation Lock EnabledWhether device-level Activation Lock is enabledBoolean
Activation Lock Allowed While SupervisedWhether Activation Lock is allowed while the device is supervisedBoolean
Activation Lock SupportedWhether Activation Lock is supported for the deviceBoolean
FileVault
FileVault EnabledWhether FileVault is enabledBoolean
FileVault Recovery Key TypeFileVault recovery key type (Personal or Institutional)String
FileVault Personal Recovery Key EscrowedWhether the FileVault personal recovery key is escrowedBoolean
FileVault Next RotationWhen the FileVault recovery key should be rotated nextDate
FileVault Regeneration RequiredWhether the FileVault recovery key needs to be regenerated and rotatedBoolean
Automated Device Enrollment
Auto Enroll EligibleWhether the device is eligible for Automated Device EnrollmentBoolean
Auto EnrolledWhether the device was enrolled using Automated Device EnrollmentBoolean
Kandji Agent
Agent InstalledWhether the Kandi Agent is installedBoolean
Install DateDate the Kandji Agent was installedDate
Last Check-inDate the Kandji Agent last checked inDate
Agent VersionVersion of the Kandji AgentString
Hardware Overview
Model NameApple model nameString
Model IdentifierApple model identifierString
Processor NameName of the device processorString
Processor SpeedSpeed of the device processorString
Number of ProcessorsNumber of processorsString
Total Number of CoresNumber of coresString
MemoryRAM memoryString
UDIDUnique device identifierString
Volumes
VolumesJSON list of volumes on the deviceObject
Network
Local HostnameLocal hostnameString
MAC AddressMAC addressString
IP AddressIPv4 addressString
Public IPIPv4 address (as appears to the Kandji service through Network Address Translation)String
Recovery Information
Recovery Lock EnabledWhether the Mac recovery lock is enabledBoolean
Firmware Password ExistsWhether a firmware password is enabled for an Intel-based MacBoolean
Firmware Password PendingWhether a firmware password is pending for an Intel-based MacBoolean
Password Rotation ScheduledDate scheduled to rotate the firmware password for an Intel-based MacDate
Users
Regular UsersJSON list of non-system usersList
System UsersJSON list of system usersList
Installed Profiles
Installed ProfilesJSON list of profiles installed on the deviceList
Apple Business Manager
ModelModel as defined in Apple Business ManagerString
ColorColor as defined in Apple Business ManagerString
DescriptionDescription as defined in Apple Business ManagerString
Serial NumberSerial number of deviceString
Device FamilyDevice family as defined in Apple Business ManagerString
OSOS as defined in Apple Business ManagerString
Device Assigned DateDate assigned to Kandji in Apple Business ManagerDate
Device Assigned ByManaged Apple ID in Apple Business Manager that assigned the device to KandjiString
Apple Remote Desktop Turned On
Apple Remote Desktop Turned OnWhether Apple Remote Desktop is turned on for a MacBoolean

Get FileVault Recovery Key

Get the FileVault Recovery Key for a Mac.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of a MacStringTRUE

Output


FieldDescriptionType
KeyFileVault recovery keyString

Get Unlock PIN

Get the PIN for a locked Mac.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of a MacStringTRUE

List ADE Integrations

Return a list of configured Automated Device Enrollment (ADE) integrations.

Options


FieldDefinitionTypeRequired
Result Set

Whether to return results directly or to stream results. Options include:

• First 200 Records.

• Stream All Records. If you choose streaming, you must select a Helper Flow to run for every ADE Integration.

DropdownTRUE

Outputs


FieldDefinitionType

Results

JSON list of objects, one object per ADE Integration

Appears when First 200 Records is selected from the Result Set option.

List
Record CountNumber of ADE Integrations
Appears when Stream All Records is selected from the Result Set option.
Number


List ADE Devices

Given an Automated Device Enrollment (ADE) integration token, return a list of all devices associated with that token, as well as their enrollment status. When the mdm_device key value is null, this indicates that the device is awaiting enrollment into Kandji.

Options


FieldDefinitionTypeRequired
Result Set

Whether to return results directly or to stream results. Options include:

• First 300 Records.

• Stream All Records. If you choose streaming, you must select a Helper Flow to run for every ADE Device.

DropdownTRUE

Inputs


FieldDescriptionTypeRequired
ADE Token IDID of ADE TokenStringTRUE

Outputs


FieldDefinitionType

Results

JSON list of objects, one object per ADE Device

Appears when First 300 Records is selected from the Result Set option.

List
Record CountNumber of ADE Devices
Appears when Stream All Records is selected from the Result Set option.
Number

List Blueprints

List Blueprints.

Options


FieldDefinitionTypeRequired
Result Set

Whether to return results directly or to stream results. Options include:

• First 200 Records.

• Stream All Records. If you choose streaming, you must select a Helper Flow to run for every Blueprint.

DropdownTRUE

Outputs


FieldDefinitionType

Results

JSON list of objects, one object per Blueprint

Appears when First 200 Records is selected from the Result Set option.

List
Record CountNumber of Blueprints
Appears when Stream All Records is selected from the Result Set option.
Number


List Device Apps

Given a Device ID, return a list of all installed apps for the device. For iOS, iPadOS, and tvOS, this lists third-party apps installed on this device. Built-in iOS, iPadOS, and tvOS apps are not inventoried.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device IDStringTRUE

Output


FieldDescriptionType
AppsList of JSON objects, one object per appList

List Device Library Items

Given a Device ID, return a list of all the Library Items and their statuses for the device.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device IDStringTRUE

Output


FieldDescriptionType
Items ListList of JSON objects, one object per Library ItemList

List Device Notes

Given a Device ID, return a list of all the Library Items and their statuses for the device.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device IDStringTRUE

Output


FieldDescriptionType
Items ListList of JSON objects, one object per Library ItemList

List Devices

Get a list of all enrolled devices. Optional query parameters can be specified to filter the results. All search fields are optional.

Options


FieldDefinitionTypeRequired
Result Set

Whether to return results directly or to stream results. Options include:

• First Matching Record

• First 200 Matching Records

• Stream Matching Records. If you choose streaming, you must choose a Helper flow to run for every device.

DropdownTRUE

Inputs


FieldDescriptionTypeRequired
User Email

Email address of the user associated with the device contains the specified string; this returns all email addresses that contain the string

StringFALSE
User Email - Exact

Exact email address of the user associated with the device

StringFALSE
User NameName of the user assigned to the deviceStringFALSE
Kandji User IDKandji-specific user ID of the user assigned to the deviceNumberFALSE
Device IDKandji-specific device IDStringFALSE
Device NameDevice nameStringFALSE
Serial NumberDevice serial numberStringFALSE
MAC AddressMAC Address of the primary network interface of the deviceStringFALSE
Asset TagAsset tagStringFALSE
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)StringFALSE
ModelDevice modelStringFALSE
OS VersionVersion of the OSStringFALSE
Blueprint IDID of the Blueprint the device is assigned toStringFALSE

Outputs


FieldDefinitionType
The following appear when First Matching Record is selected from the Result Set field.
Device IDKandji-specific device IDString
Device NameDevice nameString
ModelDevice modelString
Serial NumberDevice serial numberString
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)String
OS VersionVersion of the OSString
Last Check-inDate of last MDM check-inDate
UserJSON object for assigned Kandji userObject
Asset TagAsset tagString
Blueprint IDBlueprint ID the device is assigned toString
Agent InstalledWhether the Kandji Agent is installedBoolean
Is MissingWhether the device is missing from KandjiBoolean
Is RemovedWhether the device was removed from KandjiBoolean
Agent VersionVersion of the Kandji AgentString
First EnrollmentWhen the device was first enrolled with KandjiDate
Last EnrollmentWhen the device was last enrolled with KandjiDate
Blueprint NameName of the Blueprint the device is assigned toString
Devices

JSON list of objects, one object per device

Appears when First 200 Records is selected from the Result Set field.

List

Output for "First 200 Matching Records"


FieldDefinitionType
DevicesJSON list of objects, one object per deviceList

Lock Device

Send an MDM command to lock a device. For a Mac computer, a 6-digit PIN will be returned.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the Mac computer to send the MDM command toStringTRUE

Outputs


FieldDescriptionType
PINLock PIN for Mac computerString
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • 200 OK
  • 400 Bad Request
    • "Command already running" - The command may already be running in a Pending state waiting on the device.
  • 401 Unauthorized
    • Invalid access token. This can happen if the token was revoked, the required permissions are missing, or the token has expired.
  • 404 Not found
    • Unable to locate the resource in the Kandji tenant.

For a full list of possible status codes, see HTTP status codes.

Number

Manage Apple Remote Desktop

Use MDM to turn on or turn off Apple Remote Desktop for a Mac.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the Mac computer to send the MDM command toStringTRUE
Manage Remote DesktopSend an MDM command to control the Remote Management status on a Mac. This MDM command turns Remote Management on or off with Observe and Control permissions given to all users.DropdownTRUE

Outputs


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • 200 OK
  • 400 Bad Request
    • See Body below
  • 401 Unauthorized
    • Invalid access token. This can happen if the token was revoked, the required permissions are missing, or the token has expired.
  • 404 Not found
    • Unable to locate the resource in the Kandji tenant.
For a full list of possible status codes, see HTTP status codes.
String
BodyPotential explanation for a 400 Bad Requestresult:
  • "Command already running": The command may already be running in a Pending state waiting on the device.
  • "Command is not allowed for current device": Remote Desktop may already be in the desired configuration on the Mac or the command may not be compatible with the target device.
String

Play Lost Mode Sound

Send the MDM command to an iOS or iPadOS device in Lost Mode to play the Lost Mode sound. The sound plays until two minutes have elapsed, Lost Mode is turned off on the device or the user turns off the sound on the device.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of a MacStringTRUE

Outputs


FieldDescriptionType
Device IDKandji-specific device ID of a MacString
Device NameDevice nameString
Serial NumberDevice serial numberString
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)String
User EmailEmail address of the user associated with the deviceString
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed.String
MessageMessageString

Reinstall Kandji Agent

Reinstall the Kandji Agent. An MDM command will be triggered. This request is only applicable to Mac computers.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the Mac computer to send the MDM command toStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number

Restart Device

Restart a device. An MDM command will be triggered.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number

Send MDM Blank Push

Initiate a blank MDM push. An MDM command will be triggered.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number

Set Device Name

Send an MDM command to set the device name.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE
Device NameName to assign to the deviceStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.


Shutdown Device

Shut down a device. An MDM command will be triggered.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number


Turn Off Lost Mode

Turn off Managed Lost Mode for an iOS or iPadOS device.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE

Output


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE
Device NameDevice name
StringTRUE
Serial NumberSerial numberStringTRUE
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)StringTRUE
User EmailEmail address of the user associated with the deviceStringTRUE
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed.StringTRUE
MessageMessage to be displayed on the lock screenStringTRUE


Turn On Lost Mode

Turn on Managed Lost Mode for an iOS or iPadOS device. In addition to providing the Device ID, you must enter at least a Lock Message or Phone Number.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE
Lock MessageLock messageStringFALSE
Phone NumberPhone numberStringFALSE
FootnoteFootnoteStringFALSE

Output


FieldDescriptionType
Device IDKandji-specific device IDString
Device NameDevice nameString
Serial NumberDevice serial number String
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)String
User EmailEmail address of the user associated with the deviceString
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed.Number
MessageMessageString

Unlock User Account

Unlock a locked Mac user account. An MDM command will be triggered.

Inputs


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the Mac computer to send the MDM command toStringTRUE
UsernameUser name of the local account to unlockStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number

Update Device

Update information about a device, including the assigned Blueprint, user, and asset tag. You must include the Device ID and one of the three optional inputs.

Inputs


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to updateStringTRUE
Blueprint IDBlueprint ID to assign the device toString

FALSE

Kandji User IDKandji-specific user ID of the user to assign the device toNumberFALSE
Asset tagAsset tag to assign to the deviceStringFALSE

Outputs


FieldDescriptionType
Device
StatusStatus of the requestNumber
Device IDKandji-specific device IDString
Device NameDevice nameString
ModelDevice modelString
Serial NumberDevice serial numberString
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)String
OS VersionVersion of the OSString
Last Check-inDate of last MDM check-inDate
Asset TagAsset tagString
Blueprint IDBlueprint ID the device is assigned toString
MDM EnabledWhether the device is enabled for MDMBoolean
Agent InstalledWhether the Kandji Agent is installedBoolean
Is MissingWhether the device is missing from KandjiBoolean
Is RemovedWhether the device was removed from KandjiBoolean
Agent VersionVersion of the Kandji AgentString
First EnrollmentWhen the device was first enrolled with KandjiDate
Last EnrollmentWhen the device was last enrolled with KandjiDate
Blueprint NameName of the Blueprint the device is assigned toString
User
User EmailEmail address of the user associated with the deviceString
User NameName in Kandji of the user assigned to the deviceString
User IDKandji-specific user ID of the user to assign the device toNumber
User is ArchivedWhether the user is archivedBoolean

Update Inventory

Start an MDM check-in for a device, initiating the daily MDM commands and MDM logic.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number


Turn Off Lost Mode

Turn off Managed Lost Mode for an iOS or iPadOS device.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE
Device NameLock messageStringTRUE
Serial NumberPhone numberStringTRUE
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)StringTRUE
User EmailEmail address of the user associated with the deviceStringTRUE
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed.StringTRUE
MessageMessage to be displayed on lock screenStringTRUE


Update Lost Mode Location

Send the MDM command to an iOS or iPadOS device in Lost Mode to update the location data.

Input


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the device to send the MDM command toStringTRUE

Output


FieldDescriptionType
Device IDKandji-specific device IDString
Device NameDevice nameString
Serial NumberDevice serial number String
PlatformApple platform (such as Mac, iPhone, iPad, AppleTV)String
User EmailEmail address of the user associated with the deviceString
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed.Number
MessageMessageString

Unlock User Account

Unlock a locked Mac user account. An MDM command will be triggered.

Inputs


FieldDescriptionTypeRequired
Device IDKandji-specific device ID of the Mac computer to send the MDM command toStringTRUE
UsernameUser name of the local account to unlockStringTRUE

Output


FieldDescriptionType
Status CodeResult of the operation. The HTTP status code is returned by the connector and indicates whether the action taken by the card succeeded or failed. For example:
  • A 401 Unauthorized error indicates that the HTTP request was not processed because the necessary permissions were missing.

For a full list of possible status codes, see HTTP status codes.

Number