Lock macOS Following Offboarding an Employee

scottadamson
scottadamson Member, Administrator, Moderator, Oomnitza Team admin
edited August 11 in Workflow library

When offboarding an employee, it may be necessary to lock a device for security purposes and assure the departing user no longer has access to the equipment and the data on the device.

The systems/services being acted upon

  • Oomnitza
  • Jamf

Credentials required & how/where to obtain

  • Oomnitza API
  • Jamf API

Additional Oomnitza field required/recommended

  • Jamf ID

Blocks required and suggested

  • Begin
  • API
  • API
  • Notification
  • End

Commands and calls

  • Begin
    • Offboarding
  • Oomnitza API
    • Collect the Jamf ID from Oomnitza (captured leveraging Jamf integration)
    • Workflow Variable for JamfID
    • Jamf API
  • Sent the lock command to the appropriate computer
  • Notification
    • Success
      • Message “Device has been locked for {{full_name}}
    • Failure
      • Message “The device for {{full_name}} did NOT lock via JAMF”
  • End

Results

The device will lock (with the code listed in the body) and notify IT that the command has been sent.

Caveats

Locking (or any other device command) between Jamf and the device requires an internet connection and a “check-in” of the device. If this does not happen (and may not happen for a few minutes, hours, or longer), the command will NOT execute.

Troubleshooting/Error Codes?

None