Computers: Device details, including hardware information, operating system version, disk encryption status, installed applications, running services, configuration profiles, and local user accounts.

Accounts: Jamf user accounts used for linked account monitoring.

Vendors: Third-party software vendors inferred from installed applications (identified by bundle ID) on your Jamf-managed computers, used for vendor inventory and related workflows in Vanta.

Device compliance monitoring

Automated evidence collection

Endpoint inventory tracking

Security posture assessments (such as disk encryption, screen lock configuration, antivirus detection, and password manager detection)

You create an API Role with specific read-only permissions

You generate a Client ID and Client Secret

Device compliance monitoring: Evaluates whether computers meet security requirements such as disk encryption (FileVault), screen lock configuration, and antivirus presence.

Automated evidence collection: Generates compliance evidence for frameworks such as SOC 2, ISO 27001, and HIPAA based on collected device data.

Password manager detection: Identifies whether approved password managers are installed on devices.

Linked accounts: Maps Jamf user accounts to Vanta personnel to support access review workflows.

Vendor inventory: Surfaces third-party applications observed via Jamf as vendor records, including which managed computers have them installed.

Demonstrate Endpoint Compliance for Audits (SOC 2, ISO 27001, HIPAA): Automatically provide evidence that managed macOS devices meet security requirements such as disk encryption (FileVault), screenlock enforcement, antivirus protection, and password manager usage — without manual evidence collection.

Continuously Monitor macOS Fleet Security Posture: Maintain ongoing visibility into device compliance status across your organization, including OS version, encryption state, installed applications, and running security services.

Scope audit evidence to relevant devices: Use Jamf Sites or the "VantaNoAlert" computer group to filter which devices Vanta monitors, ensuring compliance reporting includes only machines relevant to a specific audit or business unit.

Reduce IT effort during audit preparation: Eliminate manual exports, screenshots, and spreadsheet compilation by synchronizing device and account data directly from Jamf Pro into Vanta.

Jamf admin account access reviews: Map Jamf Pro admin accounts to your personnel directory to support periodic access reviews of who has administrative access to your MDM.

A Jamf Pro Cloud instance (for example, yourdomain.jamfcloud.com)

Administrator access or sufficient privileges to create API Roles and API Clients in Jamf Pro

Log in to your Jamf Pro dashboard.

Click the Settings (gear icon) in the top right or side navigation.

Go to System → API roles and clients.

Select the API Roles tab and click + New.

Under Display Name, enter vanta_test_role (or a name of your choice).

In the Privileges section, search for and add the following Read permissions:

Click save.

Switch to the API Clients tab and click + New

Under Display Name, enter vanta_client_cred

Under API Roles, select the role created in Step 1 (for example, vanta_test_role)

Ensure the client is set to Enabled

Click Save

After saving, click Generate Client Secret

Open Vanta and navigate to Integrations from the left-hand panel

Search for Jamf Pro in the Available tab and select Connect

In the connection modal, provide the following:

Select Validate and store

Navigate to Connected Integrations

Locate Jamf Pro and select Configure Scope

Review the list of Jamf Accounts and Computers

Toggle specific resources In Scope or Out of Scope based on your compliance requirements

Nothing - Vanta has read-only access and cannot modify your Jamf Pro configuration, devices, or policies