home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Mobile Endpoint Security

Deploying Lookout with JAMF Pro

Create Jamf PRO Connector in MES Console

  1. Log into Lookout Console.
  2. Click Integrations.
  3. Click the tile Jamf Pro under "Choose a product to set up." The Connector Settings page opens:


  4. Enter these parameters.
    Label for this MDM connection

    (Optional) A user-friendly name for the connector.

    If you have multiple connectors configured, this label displays in the MDM column of the Lookout MES Console Devices list so that you can determine which connector and MDM instance a device belongs to.

    Jamf Pro URLJamf Pro server URL, for example: https://<server name>.jamfcloud.com/JSSResource
    UsernameEnter the administrative username for Jamf Pro which has been provided by the Jamf administrator.
    PasswordEnter the Jamf Pro administrative password. The Jamf administrator provides an initial password which should have been changed on the first login.
  5. Click Create Integration.
    If creation is successful, a banner notification appears and additional sections become enabled.

    If you get a certificate error, click Certificate Details. Otherwise continue with Step 6.

    1. Look for errors on the certificate details screen.
      Typical errors include expired or broken certificates as shown here:
      ErrorHow to Fix the Error
      Expired certificate The certificate expiration date is in the past.Replace the MDM certificate with a new certificate.
      Broken certificate. One or more intermediate certificates do not validate correctly.Replace the MDM certificate with a valid certificate.
    2. Retry entering all required information into the Integration connector.
  6. Scroll down to Enrollment Management and enter the following:
    Automatically drive Lookout for Work enrollment on Jamf Pro managed devicesON
    Select the group which contain devices that should be enrolled in Lookout for Work:Select your enrollment Smart Group from .
    How often should Lookout check the MDM for new devices to enroll?Lookout recommends using the default 5 minute interval. You can or increase up to 360 minutes depending on how often you want to discover new devices.
    Automatically send activation emails to Jamf Pro managed devices

    OFF

    For an MDM integration, Lookout recommends to drive enrollment through your MDM, not via Lookout MES Console invitation emails.

    Delete device on unenrollmentON
  7. Click Save Changes.
  8. Scroll down to State Sync and choose parameters from the dropdown menus.
    The parameters are extended attributes configured previously in the Jamf Pro console.
  9. Scroll down to State Sync and turn ON Synchronize device status to jamf PRO.
  10. If you have purchased the feature to add specific Risk Classifications to synchronize with your MDM you can add them using this procedure.
    Otherwise continue on to step 11.
    Note:

    NOTE: If you purchased the feature to add Risk Classifications to synchronize with your MDM, a Risk Classification section is visible in the Lookout connector.

    1. In your MDM, follow the steps in Create Mobile Device Extension Attributes to define an additional unique extension attribute for each risk classification you want to synchronize with your MDM.
      Here are some examples:
      Example Risk ClassificationExample AttributeExample Description
      Phishing and Content Protection DisabledLookout MES - PCP DisabledDevices with PCP disabled
      VPN Permission Not AcceptedLookout MES - VPN ProhibitedDevices with VPN Permission not accepted
    2. In the Lookout connector Risk Classification section (visible only if you purchased this feature), follow these substeps:
      1. Click Add Risk Classification.
      2. Set to Enable.
      3. Choose the desired risk classification from the dropdown to synchronize with your MDM.
        Note:

        NOTE: Risk classification synchronization occurs only if a state sync event occurs.

      4. Choose the extension attribute for the selected risk classification from the dropdown to synchronize with your MDM.
        Note:

        NOTE: If you choose not to synchronize a specific state to your MDM, leave the corresponding toggle off.

      5. Repeat steps i - iv for each additional risk classification you want to synchronize with your MDM.
        Note:

        NOTE: Each risk classification you add here must have a corresponding unique extension attribute defined in your MDM.

  11. Scroll down to Error Management and enter an email address for error reporting.
  12. (Optional) Scroll down to Group Management and enter a Lookout MES Console Device Group for new devices from this connector.
    Note:

    NOTE: By default, new devices are added to the Default Group in the Lookout MES Console. For more information about Device Groups, see the Lookout MES Console Administrator's Guide.

  13. Scroll up and click Save Changes in the top right corner.
    You can review connector settings from the Integrations module at any time.
  14. If you are running multiple Jamf Pro tenants, repeat these steps to create one connector per tenant.

Last updated: September 30, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.