Form to Wipe
Form to Wipe (FTW) is a secure, approval-gated device wipe workflow that connects Slack or GitHub to the Jamf Platform API. A requestor submits a wipe request; a separate approver reviews and approves it; the workflow sends an MDM erase command to the target device. Every step is logged.
FTW is available in two deployment paths. The architecture and security model are identical across both — only the interface and infrastructure requirements differ.
How It Works
Requestor submits → Approver reviews → Requestor confirms → Erase command sent → Results logged
- A requestor submits a wipe request via a Slack slash command or GitHub Issue, specifying the target tenant, device type, device ID(s), and a reason.
- The workflow routes the request to an approver. The approver cannot be the same person as the requestor — this is enforced at the platform level in both paths.
- The approver reviews the request and approves or denies it.
- If approved, the requestor receives a final confirmation prompt before the erase command fires.
- The workflow calls the Jamf Platform API to send an MDM erase command to each target device.
- Results are posted back to the requestor and written to an audit log.
Supported Targeting
FTW supports three ways to specify which devices to wipe:
- Single device — one Jamf Pro record ID
- Multiple devices — comma-separated list of Jamf Pro record IDs
- Device group — smart or static group name, resolved to member device IDs via the Platform API at runtime
Supported Device Types
| Type | Platform | Erase Options |
|---|---|---|
| Computer | macOS | Optional Find My PIN |
| Mobile Device | iOS / iPadOS | Preserve data plan, clear Activation Lock, return to service, disallow proximity setup |
Multi-Tenant Support
Both deployment paths support multiple Jamf tenants. Tenants are configured as paired lists of display names and UUIDs. The requestor selects a tenant from a dropdown at submission time — the selected tenant is carried through every downstream step automatically.
JAMF_TENANT_NAMES = Production, Staging, Lab
JAMF_TENANT_IDS = aaaaaaaa-..., bbbbbbbb-..., cccccccc-...
Security Model
FTW is built around three security principles:
Separation of duties. The requestor cannot approve their own request. This is enforced at the platform level — GitHub branch protection rules and Slack modal routing logic both prevent self-approval before the request reaches an approver.
Audit trail. Every action — submission, approval, denial, confirmation, erase result, timeout — is logged with actor identity, timestamp, and tenant. The GitHub Workflow path uses merged Pull Requests as immutable audit records; the n8n path writes to a Slack audit channel.
Credential isolation. Jamf Platform API credentials are stored as environment secrets, never in workflow code or request bodies. The n8n path uses a shared secret token to verify that incoming Slack requests are genuine before processing them.
Jamf Platform API Prerequisites
Both paths require a Jamf Platform API OAuth2 client with the following privileges:
| Privilege | Why it's needed |
|---|---|
Read Computers |
Look up computer name and management ID by record ID |
Read Mobile Devices |
Look up mobile device name and management ID by record ID |
Read Computer Groups |
Resolve smart and static group membership for group-scope targeting |
Read Mobile Device Groups |
Resolve mobile device group membership for group-scope targeting |
Send Computer Remote Erase Command |
Issue erase command to macOS devices |
Send Mobile Device Remote Erase Command |
Issue erase command to iOS/iPadOS devices |
Create the API client in Jamf Pro under Settings → API roles and clients → API Clients → New.
Choosing a Deployment Path
| n8n | GitHub Workflow | |
|---|---|---|
| Interface | Slack modal | GitHub Issue + PR |
| Approval UX | Slack DM | PR review |
| Approver source | Entra, Okta, or Slack usergroup | Branch protection + CODEOWNERS |
| Audit log | Slack channel | Git history (permanent) |
| Infrastructure | n8n instance required | None (GitHub-hosted runners) |
| Real-time timeout | ✅ Configurable | ❌ Manual close |
| Cost | n8n license | Free (public) / Actions minutes |
Choose n8n if your team already runs n8n, you want a Slack-native modal experience, or you need Okta or Slack usergroup-based approval routing.
Choose GitHub Workflow if you want zero infrastructure, audit trail is a priority (every wipe is a merged PR — permanent git history), and your IT team is comfortable working in GitHub.
Ready to deploy? Jump to the guide for your chosen path: