If you’ve spent enough time living inside Jamf Pro, you eventually run into the same problem: someone set a configuration somewhere, sometime, and nobody remembers where. It might be something obscure – a certificate payload, a conditional SSO predicate, or that one security preference quietly misbehaving on three machines in accounting. And when you have dozens of configuration profiles, each with multiple payloads, nested keys, and XML-wrapped values, finding that setting can feel like forensic archaeology.
We’ve all been there, scrolling through the Jamf UI, expanding payloads, repeatedly searching in the browser hoping to get lucky. Eventually you realize: I need a better way to search this stuff.
That’s why I built a Python script to search Jamf Pro’s configuration profiles directly via API. It pulls profile XML, looks for a search term, and tells you exactly which profiles match — whether they’re macOS or mobile, scoped or not, archived or active. It’s fast, it respects Jamf’s token-based auth model, and most importantly, it removes guesswork. I don’t like guesswork.
Why Create Another Jamf Profile Search Tool?
There are already ways to do this — but I wasn’t trying to reinvent the wheel. I was trying to build a reliable, script-driven tool for environments where automation, repeatability, and security matter.
I wanted three things specifically:
-
Modern authentication
Token-based auth instead of UI scraping or baking clear-text creds into scripts. -
Portability
Something that runs cleanly on macOS, Linux, inside CI, or as part of a security toolkit. -
Context-aware output
Not just “where is this key,” but whether the profile is enabled, scoped, or archived.
Sometimes you just need precision — and you want it fast.
Why Python?
Jamf admins love Bash, and for good reason — it’s everywhere, it’s powerful, and for quick hitters it’s great. But for API-heavy workflows, Python gives us:
- Reliable HTTP libraries
- Structured error handling
- Readable XML/JSON parsing
- Better automation support
- Stable environment for secrets handling
Python lets us use Jamf’s token model cleanly. No brittle parsing, no chained curl pipes, and no risking credentials in temp history.
It’s not just about speed — it’s about doing it right.
How It Works
You provide a search term, and the script:
- Authenticates to Jamf via token
- Retrieves all configuration profile XML
- Searches for the string case-insensitively
- Reports results with context
Usage example:
python3 jamf_profile_search.py \
--url https://yourorg.jamfcloud.com \
--user api_reader \
--pass "$JAMF_PASS" \
--term Kerberos
macOS-only:
python3 jamf_profile_search.py --term "FileVault" --which mac
See archived and unscoped configs:
python3 jamf_profile_search.py \
--term "SSO" \
--include-archived \
--include-unscoped-and-disabled
It’s a Jamf search engine without the click-scroll-repeat pain.
Featured Alternative: A GUI-Driven Profile Search
Not everyone wants to live in Terminal land — and that’s totally valid. One of the best community tools in this space is Scott Kendall’s Jamf Config Profile Search project.
Jamf Config Profile Search – GitHub Repository
Scott went the extra step and built a GUI, which makes it far more approachable for admins who prefer clicking to shell flags.
Download from his repo, launch the GUI, provide your Jamf URL and credentials, and you can search your profile XML without touching a command line. It’s friendly, fast for one-off inspections, and great for support staff or junior techs who just need visibility without needing to know regex or API internals.
Where Scott’s GUI Shines
- ✅ Easy to run with zero Python or pip installs
- ✅ No command flags to memorize
- ✅ Results visible in a window, not just stdout
- ✅ Fantastic for “find this setting right now” moments
- ✅ Lower barrier of entry for newer Jamf admins
Where Python Adds Value
My Python script shines when you need:
- CI/CD or automation support
- Token authentication workflows
- Audit logging / repeatable reporting
- Filtering (enabled, scoped, archived)
- Remote or containerized execution
GUI vs CLI isn’t a competition — it’s choice. Scott’s tool is approachable and visual. Mine leans into automation and scale. Use whichever aligns with your workflow. In fact, use both. I do.
Security Considerations
Security matters — especially when you start automating API access. This script:
- Uses short-lived token authentication
- Avoids printing credentials or tokens
- Supports environment-based secret injection
- Avoids local XML dumping by default
- Can run without placing credentials in history
You get transparency without tradeoffs — and that’s the goal.
Closing Thoughts
Visibility is the first step toward control — especially in tools like Jamf where config sprawl grows quietly over time. When things break, or worse, when they break silently, knowing exactly which profile holds which keys can save hours.
This script gives you clarity and confidence. Scott’s GUI gives you speed and accessibility. Both exist to make Jamf administration a little less mysterious, a little less tribal, and a lot more predictable.
If this helps you during a late-night “why is SSO breaking for only six machines?” debugging session, or before a large compliance audit, then it did its job.
And if it saves you from scrolling through XML at 5 PM on a Friday — you’re welcome.
Resources
-
Python Jamf Profile Search Script
https://github.com/jonbrown21/macOS-JAMF-Scripts/tree/main/Scripts/JAMF/Profile%20Search -
Scott Kendall’s Jamf Config Profile Search (GUI)
https://github.com/ScottEKendall/JAMF-Pro-Scripts/tree/main/JAMFConfigProfileSearch -
Jamf Classic API Authentication
https://developer.jamf.com/jamf-pro/docs/classic-api-authentication -
Python Requests Documentation
https://requests.readthedocs.io/en/latest/
Ready to take your Apple IT skills and consulting career to the next level?
I’m opening up free mentorship slots to help you navigate certifications, real-world challenges, and starting your own independent consulting business.
Let’s connect and grow together — Sign up here
AI Usage Transparency Report
AI Era · Written during widespread use of AI tools
AI Signal Composition
Score: 0.38 · Moderate AI Influence
Summary
A Python script for searching Jamf Pro's configuration profiles directly via API, providing a reliable and portable tool for environments where automation and security matter.
Related Posts
Two PPPC Tools I Would Add After the Profile Looks Right
A follow-up on two tools worth adding to a PPPC troubleshooting workflow: PPPC_Analyser for inspecting app privacy requirements and QuickJamfDeploy for forcing the Jamf management framework into place during deployment.
Audit Jamf API Roles Before They Become Forgotten Access
A read-only Jamf Pro API role audit script that reports role privilege reach, write-capable access, review priority, and API client inventory without changing Jamf.
Review the Smart Group Before You Scope the Policy
Review your Smart Group before you ever scope a Jamf policy. Validate inventory, understand your signals, test exclusions, and prove the group works before it reaches production.
Build Jamf DDM Update Blueprints for macOS and iOS
How I set up Jamf software update blueprints for macOS and iOS using Declarative Device Management, staged scope, clear enforcement timing, and visible deployment progress.
Review the Package Before You Build the Policy
A Jamf-focused package review workflow for checking installer signing, package contents, scope, validation, and rollback before a policy reaches production Macs.
Jamf Was My Mac Evidence Layer for CMMC
How Jamf Compliance helped support the Mac portion of a CMMC assessment, and why I added a small read-only CSV summary script for auditor-ready failed-result evidence.
Adobe in Jamf: To Package or Not to Package
A Jamf Pro workflow for deciding when Adobe software should be deployed as a manual Adobe package and when the Jamf App Catalog path is the better fit.
Updating Jamf Pro Compliance Baselines from the macOS Security Compliance Project
How to update an existing Jamf Pro Compliance benchmark when new macOS Security Compliance Project baseline content becomes available.
The PPPC Profile I Check Before I Blame the App
PPPC profiles are one of those Mac administration tools that look simple until a real deployment exposes the edge cases. This walkthrough uses Zoom screen sharing and Backblaze Full Disk Access to show three practical paths: a manual plist, Jamf Pro natively, and Jamf PPPC Utility.
Ranking Jamf Extension Attributes by Smart Group Usage
I built a read-only Python script for Jamf Pro that ranks computer extension attributes by how often they are referenced in Smart Computer Groups and writes JSON and HTML reports for review.