MDM integration
Petros Amoiridis
Connecting an MDM provider to your Workspace lets Workbrew enrich Device records with metadata from your MDM. On Pro and Enterprise plans, it also enables automatic Device Group sync.
Supported providers
| Provider | Display name | Required credentials |
|---|---|---|
| Jamf | Jamf | Host, API Client ID, API Client Secret |
| Iru (formerly Kandji) | Iru (formerly Kandji) | Host, API Token |
| SimpleMDM | SimpleMDM | API Secret Access Key |
| Fleet | Fleet | Host, API Token |
| JumpCloud | JumpCloud | API Token |
| Microsoft Intune | Microsoft Intune | Tenant ID, Client ID, Client Secret |
All credentials are encrypted at rest. Providers that do not require a host use a fixed endpoint.
What connecting an MDM provides
Device metadata
Workbrew queries the MDM for each Device and stores the following fields:
| Field | Description |
|---|---|
| MDM device ID | The Device's unique identifier in the MDM |
| MDM user ID | The user assigned to the Device in the MDM, if any |
| MDM display name | The assigned user's name or the Device name |
This metadata is refreshed at most once per day per Device. When present, the MDM display name appears alongside the Device's serial number throughout the Workbrew Console and is included in Device search.
Direct links to your MDM
When a Device has an MDM device ID, the Workbrew Console shows a "View on [provider]" link that opens the Device's record in your MDM dashboard.
Device Group sync (Pro and Enterprise)
On paid plans, Workbrew automatically syncs Device Groups from your MDM every 6 hours. See MDM Device Group sync for the full sync schedule and behavior.
Connection validation
When you save MDM credentials, Workbrew performs a test API call against your MDM to verify connectivity. If the test fails, the credentials are not saved and an error is displayed:
| Error | Meaning |
|---|---|
| Unauthorized | The API token or credentials are invalid or expired |
| Forbidden | The credentials lack the required permissions |
| Not found | The MDM host or API endpoint could not be reached |
| Connection failed | A network or DNS error prevented the connection |
| SSL error | TLS certificate validation failed |
| Server error | The MDM provider returned a server-side error |
When credentials are changed, existing MDM metadata on all Devices is cleared and re-fetched from the new provider.
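To triage a failing endpoint or credential before entering it, the following added example (not Workbrew's own code) makes one test call with certificate verification on and reports which row of the error table above the failure falls into. The mapping of HTTP 401, 403, 404 and 5xx to the table's labels is an assumption, as are the function names and the placeholder URL.

```python
import socket
import ssl
import urllib.error
import urllib.request

# Assumed mapping from HTTP status codes to the labels in the error table.
STATUS_LABELS = {401: "Unauthorized", 403: "Forbidden", 404: "Not found"}


def classify(exc):
    """Return the error-table label for an exception raised by a test call."""
    # HTTPError subclasses URLError, so it must be checked first.
    if isinstance(exc, urllib.error.HTTPError):
        if exc.code >= 500:
            return "Server error"
        return STATUS_LABELS.get(exc.code, f"HTTP {exc.code} (not in the table)")
    # urllib wraps transport failures in URLError; unwrap to the real cause.
    cause = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(cause, ssl.SSLError):
        return "SSL error"
    return "Connection failed"  # DNS failure, refused connection, timeout


def preflight(url, headers=None, timeout=10):
    """Make one GET with certificate verification on; None means success."""
    request = urllib.request.Request(url, headers=headers or {})
    context = ssl.create_default_context()  # verifies chain and hostname
    try:
        with urllib.request.urlopen(request, timeout=timeout, context=context):
            return None
    except OSError as exc:  # URLError, HTTPError, SSLError and timeouts
        return classify(exc)


if __name__ == "__main__":
    # Constructed failures, so the demo runs offline.
    url = "https://mdm.example.invalid/api"  # placeholder host
    samples = [
        urllib.error.HTTPError(url, 401, "Unauthorized", None, None),
        urllib.error.HTTPError(url, 503, "Service Unavailable", None, None),
        urllib.error.URLError(ssl.SSLCertVerificationError("constructed")),
        urllib.error.URLError(socket.gaierror(-2, "constructed DNS failure")),
    ]
    for exc in samples:
        print(type(exc).__name__, "->", classify(exc))
```

Because verification is never switched off here, an "SSL error" result points at the certificate itself (chain, hostname or expiry), which is where it should be fixed.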
Related docs
- MDM Device Group sync - what gets synced, sync schedule, and synced group behavior
- How MDM Device Group sync works - design decisions behind the sync mechanism
- Getting started - initial setup, including connecting an MDM provider