Integrate Kandji's Apple device management solution with Okta Workflows
You can use the Kandji connector to integrate Kandji device management with Okta Workflows to help automate critical components of the user lifecycle that are prone to friction or manual error.
This article covers how to authorize your Kandji instance for Okta Workflows.
After successfully authorizing your Kandji instance for Okta Workflows, you can use Kandji connector action cards in Okta Workflows.
Authorize Your Kandji Instance
When you add a Kandji card to a Workflow for the first time, you'll be prompted to configure the connection. This will enable you to connect your Kandji API token, save your token information, and reuse the connection for future Workflows.
Note: You can create multiple connections and manage them from your Connections page.
Create a Kandji Connection
Okta Workflows admin credentials;
- Kandji Connection nickname;
- Kandji API key;
- Kandji domain (following the format accuhive.clients.us-1.kandji.io or accuhive.clients.eu.kandji.io).
You can create more than one connection—if, for instance, you have multiple Kandji instances or you are testing multiple Kandji API tokens. To make a connection, the Kandji API token must be configured with at least "Device list" permissions. The Kandji API token must allow the appropriate access for the given task. For example, to gather information about all devices, the Kandji API token must have permissions for the following:
|Devices: Device Information: Device list||Get a list of all devices in the Kandji instance|
|Devices: Device Information: Device details||Get the full details for a specific device|
Create an API Token in Kandji
To create an API token to use for the Kandji connector:
- Confirm that your Kandji instance has API enabled. If it doesn't, contact your Customer Success Manager.
- Sign in to the Kandji web app with administrator credentials.
- In the left sidebar, click Settings.
- Click Access
- In the API Token section, if your instance doesn't already have an API Token, click Add API Token
Otherwise, click Add Token.
- In the Name field, enter a name such as Okta Workflows.
- In the Description field, enter a description such as Allow Okta Workflows to use the Kandji API.
- Click Create.
- In the Copy your API token dialog, click Copy Token.
- Store the copied token in a safe place. If you lose the text for the token, you can delete it before you use it and create a new one with the steps above. You'll use this token in step 3 of the next section.
- Select the checkbox for I have copied the token and understand that I will not be able to see these details again.
- Click Next.
- In the Manage API Permissions dialog, click Configure.
- In the Permissions section, select the checkbox for each area to which you want Okta Workflows to have access. For example, select the checkbox for Blueprints Management to enable all permissions for inspecting and modifying Blueprints. Note: You can click the disclosure triangle to the right of the permission type to display more specific permissions.
- Review the permissions you've configured for the API token.
- Click Save then Close.
- In the API Token section, confirm that your new token is displayed.
- In your organization's API URL field, copy or make a note of your Kandji domain.
Set Up a Connection
- In Okta Workflows, from the Connections page or any card, click New Connection.
- In the New Connection window, scroll if necessary, then select Kandji.
- In the Connection Nickname field, enter a unique name that will help you distinguish multiple Kandji instances or multiple Kandji API keys.
- In the API key field, enter or paste the text of the API token you generated in step 10 of the previous section.
- In the Kandji domain field, enter your full Kandji domain (from step 18 of the previous section).
The Kandji connector is now configured, and this connection is ready to be used with available cards for the connector.
- In a Workflow, click Add app action.
- In the My Connected Apps section, click Kandji.
- Select a connector card.
- Configure the card and continue building your workflow.