JSON Web Token for Securing In-House Content

Generating an SSH Key Pair

Step 1
ssh-keygen -t rsa

Step 2, you should find this .pem file in the root of your user folder
openssl genrsa -out key.pem 2048

Link: https://docs.jamf.com/10.40.0/jamf-pro/documentation/Hosting_Locations.html#ID-00036e5d

Configuring a JSON Web Token
In Jamf Pro, click Settings in the top-right corner of the page.
In the Global Management section, click PKI Certificates .
Click the JSON Web Token Configuration tab.
Click New .
Enter a display name for the token.
Select one of the following encryption key options:
Choose Paste or Type Encryption Key, then enter the RSA private encryption key in the Paste the Encryption Key Below field.
Choose Upload Encryption Key File, then click Choose File to upload a .pem file containing the RSA private encryption key.
Note: To generate the private encryption key file on a Mac, open Terminal and execute the following command:
openssl genrsa -out key.pem 2048

From the Token Expiry pop-up menu, select a time period during which in-house apps and books can be downloaded. After the specified time period, in-house apps and books can no longer be downloaded.
Click Save .

When Jamf Pro sends the device a command to install an in-house app or ebook, a new JWT is generated and added to the download URL as a “token” query parameter. For example, the download URL https://example.com/download/example_app.ipa would look similar to the following with the JWT added:




To configure JSON Web Token (JWT) in Jamf Pro, you will need to follow these steps:

In Jamf Pro, go to the “Settings” tab and select “Global Management”.

Under “API”, select “API Access”.

Select “JWT Token” from the “Authentication Method” drop-down menu.

In the “API Server URL” field, enter the URL for your JWT server.

In the “API Server Secret” field, enter the secret key for your JWT server.

In the “API Server Audience” field, enter the audience value for your JWT server.

Click “Save” to save your changes.

Once you have completed these steps, your Jamf Pro server will be configured to use JWT for API access. Keep in mind that you may need to configure your JWT server accordingly to work with Jamf Pro.

Note: These are general guidelines, for detailed information you should consult the official Jamf Pro documentation.


To configure a JWT server to work with Jamf Pro, you will need to follow these steps:

Create a private key and public certificate for your JWT server. These will be used to sign and verify the JSON Web Tokens (JWTs) that are sent between the JWT server and Jamf Pro.

In Jamf Pro, navigate to the JWT Tokens settings and configure your JWT server by providing the public certificate you created in step 1.

In your JWT server, configure it to use the private key you created in step 1 to sign the JWTs that it sends to Jamf Pro.

Test the connection between your JWT server and Jamf Pro by generating a JWT on your server and sending it to Jamf Pro. Verify that it is able to successfully authenticate the JWT and that you are able to access the Jamf Pro API using the JWT.

If you are using a third-party JWT library, you may need to consult the library’s documentation for specific instructions on how to configure it to work with Jamf Pro.

It is recommended to consult Jamf Pro documentation for more details and specific instructions


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *